The vulnerability of the ConfigXmlUtils function in the JDBC driver library allows a attacker to cause a service failure.

🗓️ 22 Apr 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

ConfigXmlUtils flaw in the c3p0 database driver enables remote service disruption from entity errors.

Reporter	Title	Published	Views	Family All 51
AstraLinux	Astra Linux - уязвимость в c3p0	20 May 202605:53	–	astralinux
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ	20 Feb 202012:42	–	ibm
CVE	CVE-2019-5427	22 Apr 201920:52	–	cve
Cvelist	CVE-2019-5427	22 Apr 201920:52	–	cvelist
Debian CVE	CVE-2019-5427	22 Apr 201920:52	–	debiancve
EUVD	EUVD-2019-0409	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 30 Update: c3p0-0.9.5.4-1.fc30	29 May 201900:50	–	fedora
Fedora	[SECURITY] Fedora 29 Update: c3p0-0.9.5.4-1.fc29	29 May 201902:59	–	fedora
Tenable Nessus	Fedora 29 : c3p0 (2019-063672154a)	29 May 201900:00	–	nessus
Tenable Nessus	Fedora 30 : c3p0 (2019-cb14e234fc)	29 May 201900:00	–	nessus

Vulners

Node

oracle retail_returns_managementMatch14.1

oracle retail_point-of-serviceMatch14.1

oracle fusion_middleware_mapviewerMatch12.2.1.3.0

oracle primavera_unifierMatch16.2

oracle primavera_unifierMatch16.1

oracle oracle_retail_order_brokerMatch15.0

oracle oracle_retail_order_brokerMatch16.0

oracle enterprise_manager_ops_centerMatch12.4.0

oracle primavera_unifierMatch18.8

oracle retail_customer_management_and_segmentationMatch18.0

oracle retail_xstore_point_of_serviceMatch15.0

oracle retail_xstore_point_of_serviceMatch16.0

oracle retail_xstore_point_of_serviceMatch17.0

oracle retail_xstore_point_of_serviceMatch18.0

oracle retail_xstore_point_of_serviceMatch19.0.0

oracle oracle_communications_ip_service_activatorMatch7.4.0

oracle primavera_unifierMatch19.12

oracle primavera_unifierRange17.7–17.12

oracle oracle_retail_order_brokerMatch18.0

oracle retail_integration_busMatch15.0

oracle retail_integration_busMatch16.0

red_hat red_hat_fuseMatch7.0.0

red_hat red_hat_fuseMatch7.0.1

red_hat red_hat_fuseMatch7.1.0

red_hat red_hat_fuseMatch7.1.1

red_hat red_hat_fuseMatch7.2.0

red_hat red_hat_fuseMatch7.3.0

red_hat red_hat_fuseMatch7.3.1

red_hat red_hat_fuseMatch7.4.0

red_hat red_hat_fuseMatch7.5.0

oracle oracle_banking_enterprise_originationsMatch2.7.0

oracle oracle_banking_enterprise_originationsMatch2.8.0

oracle oracle_retail_order_brokerMatch19.0

oracle oracle_flexcube_investor_servicingMatch12.1.0

oracle oracle_flexcube_investor_servicingMatch12.3.0

oracle oracle_flexcube_investor_servicingMatch12.4.0

oracle oracle_flexcube_investor_servicingMatch14.0.0

oracle oracle_flexcube_investor_servicingMatch14.1.0

oracle oracle_flexcube_private_bankingMatch12.0.0

oracle oracle_flexcube_private_bankingMatch12.1.0

oracle oracle_communications_session_route_managerRange8.2.0–8.2.2

oracle enterprise_manager_base_platformMatch13.2.1.0

oracle hyperion_infrastructure_technologyMatch11.1.2.4

oracle oracle_communications_ip_service_activatorMatch7.3.0

fedora fedoraMatch29

fedora fedoraMatch30

Source	Link
hackerone	www.hackerone.com/reports/509315
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-5427
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
oracle	www.oracle.com/security-alerts/cpuapr2020.html
oracle	www.oracle.com/security-alerts/cpujan2021.html
oracle	www.oracle.com/security-alerts/cpujul2020.html
oracle	www.oracle.com/security-alerts/cpuoct2020.html
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.9/

09 Jan 2024 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 37.5

CVSS 27.8

EPSS0.04882