## Summary
The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to the CVEs listed in the Vulnerability Details section. These vulnerabilities affect some development tasks in the product toolkit. CVE-2022-29599 and CVE-2020-10683 only affect Test and Java projects if they have been configured to be a Maven project. The resolving fix is provided in the table in the Remediation/Fixes section.
## Vulnerability Details
**CVEID:** [CVE-2020-10683](<https://vulners.com/cve/CVE-2020-10683>)
**DESCRIPTION:** dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/181356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-8032](<https://vulners.com/cve/CVE-2018-8032>)
**DESCRIPTION:** Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default servlet/services. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/147823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147823>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>)
**DESCRIPTION:** Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base score: 4.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/95377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95377>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2019-0227](<https://vulners.com/cve/CVE-2019-0227>)
**DESCRIPTION:** Apache Axis is vulnerable to server-side request forgery, caused by an expired hard-coded domain used in a default example service named StockQuoteService.jws. By using a man-in-the-middle attack to force an HTTP request, a remote attacker could exploit this vulnerability to conduct an SSRF attack, allowing the attacker to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/159283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159283>) for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>)
**DESCRIPTION:** Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target.
CVSS Base score: 4.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/79829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79829>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>)
**DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach 100% usage.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2023-26049](<https://vulners.com/cve/CVE-2023-26049>)
**DESCRIPTION:** Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2010-2232](<https://vulners.com/cve/CVE-2010-2232>)
**DESCRIPTION:** Apache Derby could allow a remote attacker to overwrite arbitrary files, caused by a flaw in the Export functionality. An attacker could exploit this vulnerability to overwrite arbitrary files on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/134130](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134130>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2015-1832](<https://vulners.com/cve/CVE-2015-1832>)
**DESCRIPTION:** Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVSS Base score: 6.4
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/115625](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115625>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)
**CVEID:** [CVE-2009-4269](<https://vulners.com/cve/CVE-2009-4269>)
**DESCRIPTION:** Apache Derby could allow a remote attacker to obtain sensitive information, caused by the reduction of the size of the set of inputs to SHA-1 by the password hash generation algorithm managed by the BUILTIN authentication functionality. By generating hash collisions, a remote attacker could exploit this vulnerability to crack passwords and obtain sensitive information.
CVSS Base score: 2.1
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/61202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/61202>) for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
**CVEID:** [CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>)
**DESCRIPTION:** Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2022-2047](<https://vulners.com/cve/CVE-2022-2047>)
**DESCRIPTION:** Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet to wrongly interpret an authority with no host as one with a host.
CVSS Base score: 2.7
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>)
**DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>)
**DESCRIPTION:** Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to access files using a Jar URL.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>)
**DESCRIPTION:** Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to fetch external resources.
CVSS Base score: 5.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>)
**DESCRIPTION:** Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to load a URL through the jar protocol.
CVSS Base score: 5.3
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2022-29599](<https://vulners.com/cve/CVE-2022-29599>)
**DESCRIPTION:** maven-shared-utils could allow a remote attacker to execute arbitrary commands on the system, caused by the emission of double-quoted strings without proper escaping by the Commandline class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/225489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225489>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2020-13936](<https://vulners.com/cve/CVE-2020-13936>)
**DESCRIPTION:** Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container.
CVSS Base score: 9.8
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/197993](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197993>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
---|---
IBM App Connect Enterprise Toolkit | 12.0.1.0 - 12.0.8.0
IBM App Connect Enterprise Toolkit | 11.0.0.1 - 11.0.0.20
IBM Integration Bus Toolkit | 10.1
## Remediation/Fixes
IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus.
Affected Product(s)| Version(s)| APAR| Remediation / Fix
---|---|---|---
IBM App Connect Enterprise Toolkit | 12.0.1.0 - 12.0.8.0 | IT43697 | Interim fix for APAR (IT43697) is available to apply to 12.0.8.0 from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.8.0&platform=All&function=aparId&apars=IT43697>)
IBM App Connect Enterprise Toolkit | 11.0.0.1 - 11.0.0.20 | IT43697 | Interim fix for APAR (IT43697) is available to apply to 11.0.0.20 from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=11.0.0.20&platform=All&function=aparId&apars=IT43697>)
IBM Integration Bus Toolkit | 10.1 | IT43697 | Interim fix for APAR (IT43697) is available to apply to 10.1 from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.1&platform=All&function=aparId&apars=IT43697>)
## Workarounds and Mitigations
None
"F36B2B0C795AAB35C070C1F451EEF4EC2B7111576274E3352545DC96C6338B2A", "F84AE0789B6A6871E38FC4C4182834EF756FECF7B5C687CE9EBC3A18A9F54CA5", "F9C229042A5C2BB4BE36D2B0476341BBA6F9EE37AE5E8587651396738580B253", "F9CB770C5B8A2294DF8EA0EF427572827C6FA0BB5C5E3EA1766A8830336C32AE", "FB25C73A03D3B776E67F564CA2E767B49B8FCBD2C4FA781C304112802CBE5410", "FD78E00A34CDC9D7D8091CAA57CDC14B83E54362C87FEC9329E3CF442952770F", "FDC7D258B406CB52E1FC58756F0FBB67532C0E63F0746896966795ABAA9C2BF4"]}, {"type": "kaspersky", "idList": ["KLA11641"]}, {"type": "mageia", "idList": ["MGASA-2013-0200", "MGASA-2014-0549", "MGASA-2016-0385", "MGASA-2018-0431", "MGASA-2021-0034", "MGASA-2021-0183"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-060.NASL", "AL2022_ALAS2022-2022-242.NASL", "AL2023_ALAS2023-2023-077.NASL", "AL2_ALAS-2021-1690.NASL", "AL2_ALAS-2022-1794.NASL", "AL2_ALAS-2023-1966.NASL", "ALA_ALAS-2013-164.NASL", "ALA_ALAS-2014-412.NASL", "ALA_ALAS-2023-1695.NASL", "ALMA_LINUX_ALSA-2022-4797.NASL", "ALMA_LINUX_ALSA-2022-4798.NASL", "CENTOS8_RHSA-2022-4797.NASL", "CENTOS8_RHSA-2022-4798.NASL", "CENTOS_RHSA-2013-0683.NASL", "CENTOS_RHSA-2014-1193.NASL", "CLOUDBEES_SECURITY_ADVISORY_2021-04-20.NASL", "DEBIAN_DLA-169.NASL", "DEBIAN_DLA-2191.NASL", "DEBIAN_DLA-2595.NASL", "DEBIAN_DLA-2688.NASL", "DEBIAN_DLA-2821.NASL", "DEBIAN_DLA-3059.NASL", "DEBIAN_DLA-3079.NASL", "DEBIAN_DLA-3086.NASL", "DEBIAN_DLA-3592.NASL", "DEBIAN_DLA-3619.NASL", "DEBIAN_DSA-4949.NASL", "DEBIAN_DSA-5198.NASL", "DEBIAN_DSA-5242.NASL", "DEBIAN_DSA-5507.NASL", "DERBY_10_6_1_0.NASL", "EULEROS_SA-2020-1596.NASL", "EULEROS_SA-2020-1677.NASL", "EULEROS_SA-2020-1799.NASL", "EULEROS_SA-2020-2102.NASL", "EULEROS_SA-2021-1858.NASL", "EULEROS_SA-2021-1990.NASL", "EULEROS_SA-2021-2233.NASL", "EULEROS_SA-2021-2437.NASL", "F5_BIGIP_SOL16821.NASL", "FEDORA_2013-1194.NASL", "FEDORA_2013-1222.NASL", "FEDORA_2018-8A85ED2F10.NASL", "FREEBSD_PKG_E358B470B37D4E47BC8A2CD9ADBEB63C.NASL", "GENTOO_GLSA-202107-52.NASL", "JENKINS_2_286.NASL", 
"OPENSUSE-2016-1191.NASL", "OPENSUSE-2018-1188.NASL", "OPENSUSE-2019-1497.NASL", "OPENSUSE-2019-1526.NASL", "OPENSUSE-2019-792.NASL", "OPENSUSE-2020-719.NASL", "OPENSUSE-2021-2005.NASL", "OPENSUSE-2021-447.NASL", "ORACLELINUX_ELSA-2013-0269.NASL", "ORACLELINUX_ELSA-2013-0683.NASL", "ORACLELINUX_ELSA-2014-1193.NASL", "ORACLELINUX_ELSA-2022-1541.NASL", "ORACLELINUX_ELSA-2022-4797.NASL", "ORACLELINUX_ELSA-2022-4798.NASL", "ORACLE_BI_PUBLISHER_JUL_2022_CPU.NASL", "ORACLE_BPM_CPU_JAN_2021.NASL", "ORACLE_COHERENCE_CPU_JUL_2023.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_JUL_2021.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2020_CPU.NASL", "ORACLE_JDEVELOPER_CPU_JUL_2021.NASL", "ORACLE_OATS_CPU_APR_2020.NASL", "ORACLE_OATS_CPU_JAN_2021.NASL", "ORACLE_OBIEE_CPU_JUL_2023.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2020.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JUL_2020.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2020.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2020.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2022.NASL", "ORACLE_RDBMS_CPU_OCT_2022.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2020_CPU.NASL", "ORACLE_TUXEDO_CPU_JAN_2020.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2021.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JUL_2020.NBIN", "ORACLE_WEBCENTER_PORTAL_CPU_OCT_2020.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2019.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2023.NASL", "REDHAT-RHSA-2013-0269.NASL", "REDHAT-RHSA-2013-0683.NASL", "REDHAT-RHSA-2014-0037.NASL", "REDHAT-RHSA-2014-1123.NASL", "REDHAT-RHSA-2014-1193.NASL", "REDHAT-RHSA-2020-3461.NASL", "REDHAT-RHSA-2020-3462.NASL", "REDHAT-RHSA-2020-3463.NASL", "REDHAT-RHSA-2020-3637.NASL", "REDHAT-RHSA-2020-3638.NASL", "REDHAT-RHSA-2020-3639.NASL", "REDHAT-RHSA-2021-1509.NASL", "REDHAT-RHSA-2021-1551.NASL", "REDHAT-RHSA-2021-2046.NASL", "REDHAT-RHSA-2021-2047.NASL", "REDHAT-RHSA-2021-2048.NASL", "REDHAT-RHSA-2021-2431.NASL", "REDHAT-RHSA-2021-2499.NASL", "REDHAT-RHSA-2021-2517.NASL", "REDHAT-RHSA-2021-3656.NASL", "REDHAT-RHSA-2021-3658.NASL", "REDHAT-RHSA-2021-3758.NASL", 
"REDHAT-RHSA-2022-1541.NASL", "REDHAT-RHSA-2022-1662.NASL", "REDHAT-RHSA-2022-4699.NASL", "REDHAT-RHSA-2022-4797.NASL", "REDHAT-RHSA-2022-4798.NASL", "ROCKY_LINUX_RLSA-2022-4797.NASL", "ROCKY_LINUX_RLSA-2022-4798.NASL", "SL_20130219_AXIS_ON_SL6_X.NASL", "SL_20130325_AXIS_ON_SL5_X.NASL", "SL_20140915_AXIS_ON_SL5_X.NASL", "SL_20220427_MAVEN_SHARED_UTILS_ON_SL7_X.NASL", "SUSE_SU-2021-2005-1.NASL", "SUSE_SU-2022-3397-1.NASL", "SUSE_SU-2023-2539-1.NASL", "UBUNTU_USN-4575-1.NASL", "UBUNTU_USN-6117-1.NASL", "UBUNTU_USN-6281-1.NASL", "WEB_APPLICATION_SCANNING_112990", "WEB_APPLICATION_SCANNING_112991", "WEB_APPLICATION_SCANNING_112992", "WEB_APPLICATION_SCANNING_112993", "WEB_APPLICATION_SCANNING_112994", "WEB_APPLICATION_SCANNING_112995"]}, {"type": "nuclei", "idList": ["NUCLEI:CVE-2021-28169"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120081", "OPENVAS:1361412562310120389", "OPENVAS:1361412562310123312", "OPENVAS:1361412562310123655", "OPENVAS:1361412562310123725", "OPENVAS:1361412562310801284", "OPENVAS:1361412562310851938", "OPENVAS:1361412562310852532", "OPENVAS:1361412562310852545", "OPENVAS:1361412562310853182", "OPENVAS:1361412562310865299", "OPENVAS:1361412562310865314", "OPENVAS:1361412562310870933", "OPENVAS:1361412562310870971", "OPENVAS:1361412562310871241", "OPENVAS:1361412562310874986", "OPENVAS:1361412562310881697", "OPENVAS:1361412562310882024", "OPENVAS:1361412562310882025", "OPENVAS:1361412562310892191", "OPENVAS:1361412562311220201596", "OPENVAS:1361412562311220201677", "OPENVAS:801284", "OPENVAS:865299", "OPENVAS:865314", "OPENVAS:870933", "OPENVAS:870971", "OPENVAS:881697"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2011-194091", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2022", 
"ORACLE:CPUJUL2023", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022", "ORACLE:CPUOCT2023"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0269", "ELSA-2013-0683", "ELSA-2014-1193", "ELSA-2022-1541", "ELSA-2022-4797", "ELSA-2022-4798"]}, {"type": "osv", "idList": ["OSV:DLA-169-1", "OSV:DLA-2191-1", "OSV:DLA-2595-1", "OSV:DLA-2821-1", "OSV:DLA-3059-1", "OSV:DLA-3079-1", "OSV:DLA-3086-1", "OSV:DLA-3592-1", "OSV:DLA-3619-1", "OSV:DSA-5198-1", "OSV:DSA-5242-1", "OSV:GHSA-26VR-8J45-3R4W", "OSV:GHSA-53JM-3HC9-FQQC", "OSV:GHSA-55W9-C3G2-4RRH", "OSV:GHSA-59J4-WJWP-MW9M", "OSV:GHSA-96JQ-75WH-2658", "OSV:GHSA-C5XV-QC8P-MH2V", "OSV:GHSA-CJ7V-27PG-WF7Q", "OSV:GHSA-FH32-35W2-RXCC", "OSV:GHSA-GWCR-J4WH-J3CQ", "OSV:GHSA-H4QG-P7R2-CPG3", "OSV:GHSA-H9GJ-RQRW-X4FQ", "OSV:GHSA-HWJ3-M3P6-HJ38", "OSV:GHSA-M394-8RWW-3JR7", "OSV:GHSA-P26G-97M4-6Q7C", "OSV:GHSA-R53V-VM87-F72C", "OSV:GHSA-RHGR-952R-6P8Q", "OSV:GHSA-WR69-G62G-2R9H", "OSV:GHSA-XPRW-XVVM-VQMV"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152462"]}, {"type": "prion", "idList": ["PRION:CVE-2009-4269", "PRION:CVE-2010-2232", "PRION:CVE-2010-4474", "PRION:CVE-2012-5784", "PRION:CVE-2014-3596", "PRION:CVE-2015-1832", "PRION:CVE-2018-8032", "PRION:CVE-2019-0227", "PRION:CVE-2020-10683", "PRION:CVE-2020-13936", "PRION:CVE-2020-27223", "PRION:CVE-2021-28165", "PRION:CVE-2021-28169", "PRION:CVE-2022-2047", "PRION:CVE-2022-29599", "PRION:CVE-2022-38398", "PRION:CVE-2022-38648", "PRION:CVE-2022-40146", "PRION:CVE-2023-26049"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:D1FC7658A8AB3554F3796CEE14DA3320", "QUALYSBLOG:D99AE1031C2A68C1DE4B1CA75299C33D"]}, {"type": "redhat", "idList": ["RHSA-2013:0269", "RHSA-2013:0683", "RHSA-2014:0037", "RHSA-2014:1123", "RHSA-2014:1193", "RHSA-2015:1010", "RHSA-2020:3461", "RHSA-2020:3462", "RHSA-2020:3463", "RHSA-2020:3464", "RHSA-2020:3501", "RHSA-2020:3585", "RHSA-2020:3637", "RHSA-2020:3638", "RHSA-2020:3639", "RHSA-2020:3642", "RHSA-2020:4960", 
"RHSA-2020:4961", "RHSA-2020:5568", "RHSA-2021:1509", "RHSA-2021:1551", "RHSA-2021:1552", "RHSA-2021:1560", "RHSA-2021:1561", "RHSA-2021:2046", "RHSA-2021:2047", "RHSA-2021:2048", "RHSA-2021:2051", "RHSA-2021:2210", "RHSA-2021:2431", "RHSA-2021:2461", "RHSA-2021:2499", "RHSA-2021:2517", "RHSA-2021:2689", "RHSA-2021:2755", "RHSA-2021:3140", "RHSA-2021:3225", "RHSA-2021:3656", "RHSA-2021:3658", "RHSA-2021:3660", "RHSA-2021:3700", "RHSA-2021:3758", "RHSA-2021:3759", "RHSA-2021:4767", "RHSA-2021:4918", "RHSA-2021:5134", "RHSA-2022:1541", "RHSA-2022:1662", "RHSA-2022:2281", "RHSA-2022:4699", "RHSA-2022:4797", "RHSA-2022:4798", "RHSA-2022:6407", "RHSA-2022:7257", "RHSA-2022:9098", "RHSA-2023:0189", "RHSA-2023:0573", "RHSA-2023:1661", "RHSA-2023:2100", "RHSA-2023:3198", "RHSA-2023:3610", "RHSA-2023:3622", "RHSA-2023:3954", "RHSA-2023:5165", "RHSA-2023:5441", "RHSA-2023:6171", "RHSA-2023:6172", "RHSA-2023:6179"]}, {"type": "redhatcve", "idList": ["RH:CVE-2010-2232", "RH:CVE-2018-8032", "RH:CVE-2019-0227", "RH:CVE-2020-10683", "RH:CVE-2020-13936", "RH:CVE-2020-27223", "RH:CVE-2021-28165", "RH:CVE-2021-28169", "RH:CVE-2022-2047", "RH:CVE-2022-29599", "RH:CVE-2022-38398", "RH:CVE-2022-38648", "RH:CVE-2022-40146", "RH:CVE-2023-26049"]}, {"type": "rhino", "idList": ["RHINO:ADD7C478031F3DD8CC7E20F3B676DB4B"]}, {"type": "rocky", "idList": ["RLSA-2022:4797", "RLSA-2022:4798"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11380"]}, {"type": "seebug", "idList": ["SSV:99271"]}, {"type": "srcincite", "idList": ["SRC-2021-0017"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3218-1", "OPENSUSE-SU-2019:1497-1", "OPENSUSE-SU-2019:1526-1", "OPENSUSE-SU-2020:0719-1", "OPENSUSE-SU-2021:0447-1", "OPENSUSE-SU-2021:2005-1", "SUSE-SU-2022:3397-1"]}, {"type": "symantec", "idList": ["SMNTC-107867", "SMNTC-110516"]}, {"type": "ubuntu", "idList": ["USN-4575-1", "USN-6117-1", "USN-6281-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-4269", "UB:CVE-2010-4474", "UB:CVE-2012-5784", 
"UB:CVE-2014-3596", "UB:CVE-2015-1832", "UB:CVE-2018-8032", "UB:CVE-2019-0227", "UB:CVE-2020-10683", "UB:CVE-2020-13936", "UB:CVE-2020-27223", "UB:CVE-2021-28165", "UB:CVE-2021-28169", "UB:CVE-2022-2047", "UB:CVE-2022-29599", "UB:CVE-2022-38398", "UB:CVE-2022-38648", "UB:CVE-2022-40146", "UB:CVE-2023-26049"]}, {"type": "veracode", "idList": ["VERACODE:11324", "VERACODE:11377", "VERACODE:25055", "VERACODE:29523", "VERACODE:29563", "VERACODE:29925", "VERACODE:30904", "VERACODE:35667", "VERACODE:36295", "VERACODE:37274", "VERACODE:37275", "VERACODE:37277", "VERACODE:40263", "VERACODE:5316", "VERACODE:7716", "VERACODE:7856"]}, {"type": "wolfi", "idList": ["WOLFI:CVE-2023-26049"]}, {"type": "zdi", "idList": ["ZDI-22-1327", "ZDI-22-1328"]}, {"type": "zdt", "idList": ["1337DAY-ID-32519"]}]}, "vulnersScore": 9.5}, "_state": {"score": 1701539764, "dependencies": 0}, "_internal": {"score_hash": "ee8719b74172afa19316563f8eb430b7"}, "affectedSoftware": [{"version": "12.0.1.0", "operator": "ge", "name": "ibm app connect enterprise toolkit"}, {"version": "12.0.8.0", "operator": "le", "name": "ibm app connect enterprise toolkit"}, {"version": "11.0.0.1", "operator": "ge", "name": "ibm app connect enterprise toolkit"}, {"version": "11.0.0.20", "operator": "le", "name": "ibm app connect enterprise toolkit"}, {"version": "10.1", "operator": "eq", "name": "ibm integration bus toolkit"}]}
{"ibm": [{"lastseen": "2023-02-27T21:44:45", "description": "## Summary\n\nIBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Axis.jar V1.x \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-8032](<https://vulners.com/cve/CVE-2018-8032>) \n** DESCRIPTION: **Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default servlet/services. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n** DESCRIPTION: **Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79829>) for the current score. 
\nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>) \n** DESCRIPTION: **Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95377>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2019-0227](<https://vulners.com/cve/CVE-2019-0227>) \n** DESCRIPTION: **Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default StockQuoteService.jws service. By using a man-in-the-middle attack to force an HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159283>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Content Collector for SAP Applications| 4.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for SAP Applications| 4.0.0| \n\nUse IBM Content Collector for SAP Applications [4.0.0.4 IF002](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=4.0.0.4&platform=All&function=all> \"4.0.0.4 IF002\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-26T17:24:42", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596", "CVE-2018-8032", "CVE-2019-0227"], "modified": "2021-03-26T17:24:42", "id": 
"2E4AE144A0CE46F0B21DDCD0E57D2F32B9242E6EA360EE8F749F9D2219693213", "href": "https://www.ibm.com/support/pages/node/6436839", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-02T18:05:10", "description": "## Summary\n\nThere are multiple vulnerabilities in Apache Axis that is used by IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-8032](<https://vulners.com/cve/CVE-2018-8032>) \n**DESCRIPTION: **Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default servlet/services. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>) \n**DESCRIPTION: **Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95377>) for the current score. 
\nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID: **[CVE-2019-0227](<https://vulners.com/cve/CVE-2019-0227>) \n**DESCRIPTION: **Apache Axis is vulnerable to server-side request forgery, caused by an expired hard coded domain, used in a default example service named StockQuoteService.jws. By using a man-in-the-middle attack to force an HTTP request, a remote attacker could exploit this vulnerability to conduct an SSRF attack, allowing the attacker to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159283>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n**DESCRIPTION: **Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79829>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Asset Management | 7.6.1.2 \nIBM Maximo Asset Management | 7.6.1.3 \nIBM Maximo Application Suite - Manage Component | 8.4 \n \n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central (What is Fix Central?) and apply for each affected product as soon as possible. 
Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix. \n\n**For Maximo Asset Management 7.6:**\n\nVRM | Fix Pack, Feature Pack, or Interim Fix | Download \n---|---|--- \n7.6.1.2 | Maximo Asset Management 7.6.1.2 iFix: \n[7.6.1.2-TIV-MBS-IF029](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=fixId&fixids=7.6.1.2-TIV-MBS-IF029&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.6.1.2-TIV-MBS-IF029\" ) or latest Interim Fix available | [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=all> \"FixCentral\" ) \n7.6.1.3 | \n\nMaximo Asset Management 7.6.1.3 iFix:\n\n[7.6.1.3-TIV-MBS-IF004](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=fixId&fixids=7.6.1.3-TIV-MBS-IF004&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.6.1.3-TIV-MBS-IF004\" ) or latest Interim Fix available\n\n| \n\n[FixCentral](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=all> \"FixCentral\" ) \n \n**For IBM Maximo Manage application in IBM Maximo Application Suite:**\n\nMAS | Manage Patch Fix or Release \n---|--- \n8.8 | 8.4.5 or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-02T21:04:46", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Axis affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596", "CVE-2018-8032", "CVE-2019-0227"], "modified": "2023-02-02T21:04:46", "id": "1F74C18809B4642477D9BFB857B02CDCE5F1FD17731A7F1BB3FE3345BB84EBC5", "href": "https://www.ibm.com/support/pages/node/6952561", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-01T17:56:14", "description": "## Summary\n\nThe IBM\u00ae Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 batik-bridge-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of barik-bridge to batik-bridge-1.16.jar .jar\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Engineering Systems Design Rhapsody| 9.0.1 \n \n## Remediation/Fixes\n\nFor the IBM\u00ae Engineering Design Rhapsody product versions 9.0.1, IBM strongly recommends addressing the vulnerability by applying a currently available [Rhapsody 901 SR1 iFix005](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=9.0.1&platform=All&function=fixId&fixids=Rhapsody901Windows.9.0.1_iFix005&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rhapsody 901 SR1 iFix005\" ) full install.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-13T10:57:51", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (Publicly disclosed vulnerability found by Mend)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-07-13T10:57:51", "id": "88B8DC6EA75D39C653142024A42B12BB1759F97DF4BF203772EFB3960C20E495", "href": "https://www.ibm.com/support/pages/node/7011741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T18:10:10", "description": "## Summary\n\nThere are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions of the IBM Maximo Asset Management core product. The recommended action is to update to the latest version.\n\n**Product versions affected:**\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Asset Management | 7.6.1.2 \nIBM Maximo Asset Management | 7.6.1.3 \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. Please consult the [Platform Matrix](<https://www.ibm.com/support/pages/node/1288432> \"Platform Matrix\" ) for a list of supported product combinations.\n\n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central (What is Fix Central?) and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix. 
\n\n**For Maximo Asset Management 7.6:**\n\nVRM | Fix Pack, Feature Pack, or Interim Fix | Download \n---|---|--- \n7.6.1.2 | Maximo Asset Management 7.6.1.2 iFix: \n[7.6.1.2-TIV-MBS-IF031](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.1&platform=All&function=fixId&fixids=7.6.1.2-TIV-MBS-IF031&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"7.6.1.2-TIV-MBS-IF031\" ) or latest Interim Fix available | [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=all> \"FixCentral\" ) \n7.6.1.3 | \n\nMaximo Asset Management 7.6.1.3 iFix:\n\n[7.6.1.3-TIV-MBS-IF006](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=fixId&fixids=7.6.1.3-TIV-MBS-IF006&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.6.1.3-TIV-MBS-IF006\" ) or latest Interim Fix available\n\n| \n\n[FixCentral](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=all> \"FixCentral\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-05T15:03:48", "type": "ibm", "title": "Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management (CVE-2022-40146, CVE-2022-38648, 
CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-04-05T15:03:48", "id": "78EEA56B2A5DF0C85488A5A142301BFC2DAF518E90B972461A497445D7F5E4DE", "href": "https://www.ibm.com/support/pages/node/6981109", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:51:29", "description": "## Summary\n\nMultiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM\u00ae Intelligent Operations Center. Information about these vulnerabilities affecting IBM\u00ae Intelligent Operations Center have been published and addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.\n\nDownload IBM Intelligent Operations Center Version 5.2.4, which is an upgrade to IBM Intelligent Operations Center Version 5.2.3 through IBM Intelligent Operations Center Version 5.2, from the following link:\n\n[IBM Intelligent Operations Center Version 5.2.4](<https://www.ibm.com/support/pages/node/7022369>)\n\nInstallation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-09-05T13:23:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM\u00ae Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-09-05T13:23:31", "id": "EB4D77DF2606CC961A9837462FA9F768B43E2641736E483B9318E136D52C90D1", "href": "https://www.ibm.com/support/pages/node/7030631", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:50:45", "description": "## Summary\n\nApache Batik is used by IBM Application Performance Management.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \n \n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410> \n \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-09-13T07:59:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-09-13T07:59:32", "id": "C11BA9E14CD6800C4F5B26BAB241BCB07EF8006C97D429A46A56F40566B74CA8", "href": "https://www.ibm.com/support/pages/node/7031994", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T18:10:25", "description": "## Summary\n\nThere are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Application Suite - Manage Component | \n\nMAS 8.8 - Manage 8.4 \n \n## Remediation/Fixes\n\n**For IBM Maximo Manage application in IBM Maximo Application Suite:**\n\nMaximo Application Suite Patch Fix or Release | Manage Patch Fix or Release \n---|--- \nUpgrade to MAS version 8.8.7 or latest Patch Fix available | 8.4.7 or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-04T21:55:52", "type": "ibm", "title": "Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Manage 
application in IBM Maximo Application Suite (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-04-04T21:55:52", "id": "B443C6268C32A55B714975F403CE2E916F8F1924C5682DCFF02C21AFD815860C", "href": "https://www.ibm.com/support/pages/node/6980867", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T18:05:55", "description": "## Summary\n\nThis Security Vulnerability has been addressed in IBM Engineering Test Management in newer releases\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nETM| 7.0.1 \nETM| 7.0.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of batik-all library. 
\n\nSuggested :\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nEngineering Test Management | 7.0.1| \n\nDownload and apply ETM 7.0.1 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.1&platform=All&function=all>) \n \nEngineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-02T07:45:16", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-05-02T07:45:16", "id": 
"ED8F8307E017F0B5E99D75B0A0278941C71E34AEAB269BE8FE00779D7C4262C4", "href": "https://www.ibm.com/support/pages/node/6987681", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:48:55", "description": "## Summary\n\nThere are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service(JRS). This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Jazz Reporting Service| 7.0.2 \nIBM Jazz Reporting Service| 7.0.1 \n \n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply for each affected product as soon as possible. \nReleased an iFix version for Jazz Reporting Service 7.0.2 iFix021: To ensure users could protect themselves from this vulnerability, the upgraded version of Apache Batik-bridge has been released in this iFix.\n\n**Product**| **Version**| **iFix**| **Remediation / First Fix** \n---|---|---|--- \nIBM Jazz Reporting Service| 7.0.2| iFix021| [Fix Central - 7.0.2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=All&platform=All&function=fixId&fixids=7.0.2-IBM-ELM-iFix021&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Fix Central - 7.0.2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-10-04T10:44:16", "type": "ibm", "title": "Security Bulletin: There are several vulnerabilities in Apache 
Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-10-04T10:44:16", "id": "8AC2B8BF18DFE033F865ED53A61B3DBEB5E0DF21D0F1634B030AAECB5AAD0C73", "href": "https://www.ibm.com/support/pages/node/7046974", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T18:05:54", "description": "## Summary\n\nThis Security Vulnerability has been addressed in IBM Engineering Test Management in newer releases\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nETM| 7.0.1 \nETM| 7.0.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of batik-all library. 
\n\nSuggested :\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nEngineering Test Management | 7.0.1| \n\nDownload and apply ETM 7.0.1 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.1&platform=All&function=all>) \n \nEngineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-02T07:44:24", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-05-02T07:44:24", "id": 
"6DF11C48DBD150389BD788E33E0F9C8BBDAF1FA8674FAE3BD975AF6F35875619", "href": "https://www.ibm.com/support/pages/node/6987675", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T18:05:05", "description": "## Summary\n\nThere is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.0.3 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version 1.12.0.4** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-01T21:57:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223", 
"CVE-2021-28169"], "modified": "2023-02-01T21:57:48", "id": "72E563FF799565BA0BAC30781F2F7618D43BA295DE1DABC0839C7F0ECB363255", "href": "https://www.ibm.com/support/pages/node/6574049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:47:57", "description": "## Summary\n\nApache Axis contains two security vulnerabilities that could allow for spoofing attacks. See the individual descriptions below for the details. \n\n\n## Vulnerability Details\n\n**CVE-ID****: **[**CVE-2012-5784**](<https://vulners.com/cve/CVE-2012-5784>) \n**DESCRIPTION**: Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79829> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n\n\n**CVEID:** [**CVE-2014-3596**](<https://vulners.com/cve/CVE-2014-3596>)** \nDESCRIPTION:** Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95377_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95377>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nFileNet Content Manager 5.2.0, 5.2.1 \nIBM Content Foundation 5.2.0, 5.2.1 \nFileNet Business Process Management 5.0.0 \n\n\n## Remediation/Fixes\n\nUpgrade to one of the product fix pack levels in the table below. \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix Available** \n---|---|---|--- \nFileNet Content Manager| 5.2.0 \n5.2.1| PJ43410 \nPJ43410| [5.2.0.4-P8CPE-FP004](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%2BProduct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.0.3&platform=All&function=all>) \\- 8/31/2015 \n[5.2.1.3-P8CPE-FP003](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%2BProduct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.2&platform=All&function=all>) \\- 12/4/2015 \nIBM Content Foundation| 5.2.0 \n5.2.1| PJ43410 \nPJ43410| [5.2.0.4-P8CPE-FP004](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%2BProduct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.0.3&platform=All&function=all>) \\- 8/31/2015 \n[5.2.1.3-P8CPE-FP003](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%2BProduct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.2&platform=All&function=all>) \\- 12/4/2015 \nFileNet Business Process Manager| 5.0.0| PJ43411| [5.0.0.9-P8PE-IF001](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%2BProduct%2BFamily&product=ibm/Information+Management/FileNet+Process+Engine&release=5.0.0.9&platform=All&function=all>) \\- 11/9/2015 \n \nReleases available from Fix Central with the above links. 
\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:12:09", "type": "ibm", "title": "Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2018-06-17T12:12:09", "id": "F84AE0789B6A6871E38FC4C4182834EF756FECF7B5C687CE9EBC3A18A9F54CA5", "href": "https://www.ibm.com/support/pages/node/536489", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:42:21", "description": "## Summary\n\nIBM Sterling B2B Integrator uses ActiveMQ. ActiveMQ uses Axis and is vulnerable.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2012-5784](<https://vulners.com/cve/CVE-2012-5784>) \n**DESCRIPTION:** Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79829> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>) \n**DESCRIPTION:** Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95377> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3\n\n## Remediation/Fixes\n\n**PRODUCT & Version **\n\n| \n\n**Remediation/Fix** \n \n---|--- \n \nIBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3\n\n| \n\nApply IBM Sterling B2B Integrator version 6.0.0.0 or 5.2.6.4 available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2020-02-05T00:53:36", "id": "7CE4B0696905C1B249B7E4F9FAF56E48BD840AB3F8AE938159BC93F9D02126A2", "href": "https://www.ibm.com/support/pages/node/728839", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-06T14:44:13", "description": "## Summary\n\nIBM Security SOAR includes an older version of Eclipse Jetty that may be identified and exploited.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach 100% usage. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nResilient OnPrem| IBM Security SOAR \n \n\n\n## Remediation/Fixes\n\nUsers must upgrade to v41.0 or higher of IBM Resilient in order to obtain a fix for this vulnerability. 
You can upgrade the platform and apply the security updates by following the instructions in the \"**Upgrade Procedure**\" section in the [IBM Documentation](<https://www.ibm.com/docs/en/rsoa-and-rp/41?topic=guide-upgrade-procedure> \"IBM Documentation\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-14T18:24:26", "type": "ibm", "title": "Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223", "CVE-2021-28163", "CVE-2021-28165"], "modified": "2021-07-14T18:24:26", "id": "AA9924D97A331BFEF405C5965F86807ACBF07005A06B3D61D1E7556C355A7841", "href": "https://www.ibm.com/support/pages/node/6472057", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-02T17:46:21", "description": "## Summary\n\nIBM Integration Bus is vulnerable to multiple vulnerabilities in Eclipse Jetty. 
(CVE-2023-40167, CVE-2023-26049, CVE-2022-2047, IBM X-Force ID: 261776)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-40167](<https://exchange.xforce.ibmcloud.com/vulnerabilities/266353>) \n** DESCRIPTION: **Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/266353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/266353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-2047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** IBM X-Force ID: **261776 \n** DESCRIPTION: **Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity (XXE) declarations by the XmlParser. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack or cause a denial of service condition. \nCVSS Base score: 3.9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/261776 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/261776>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)Version(s)| Version(s) \n---|--- \nIBM Integration Bus| 10.1 - 10.1.0.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM Integration Bus**\n\nAffected Product(s)Version(s)| Version(s)| APAR| Remediation / Fix \n---|---|---|--- \nIBM Integration Bus| 10.1 - 10.1.0.2| IT44857| Interim Fix for APAR (IT44857) is available to apply to 10.1.0.2 from \n \n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.1.0.2&platform=All&function=aparId&apars=IT44857>) \n \n** **\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-27T08:54:04", "type": "ibm", "title": "Security Bulletin: IBM Integration Bus is vulnerable to multiple vulnerabilities in Eclipse Jetty. 
(CVE-2023-40167, CVE-2023-26049, CVE-2022-2047, IBM X-Force ID: 261776)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2047", "CVE-2023-26049", "CVE-2023-40167"], "modified": "2023-11-27T08:54:04", "id": "34127F0DBEE9F1D5A8DA68761FC500FB33FE2AF4896D1449F1DD100D652C514D", "href": "https://www.ibm.com/support/pages/node/7082766", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T17:45:25", "description": "## Summary\n\nThere is a vulnerability in Eclipse Jetty that could allow a remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| \n\n1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| \n\n1.14.1,\n\n1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4\n\n| \n\n**Upgrade to version 1.14.2** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0FHQML** \nProcess Mining 1.14.2 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0FHRML** Process Mining 1.14.2 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**:\n\nNone known\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-09T11:01:33", "type": "ibm", "title": "Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . 
CVE-2023-26049", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-10-09T11:01:33", "id": "BBFA7DDBA21D296590459BEF46C40DDAE4995F3DCB223548A0039A3F5B8A2C20", "href": "https://www.ibm.com/support/pages/node/7048714", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T17:48:53", "description": "## Summary\n\nThe jetty-http-9.4.48.v20220622.jar package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-26049].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Data System 1.0| 1.0.0.0-1.0.8.1 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Pak for Data System 1.0| 1.0.8.2| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=1.0.8.2-WS-ICPDS-fp235&product=ibm%2FWebSphere%2FIBM%20Cloud%20Private%20for%20Data%20System&source=dbluesearch&mhsrc=ibmsearch_a&mhq=1%26period%3B0%26period%3B8%26period%3B2&function=fixId&parent=ibm/WebSphere>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-31T11:08:28", "type": "ibm", "title": "Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-26049]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-07-31T11:08:28", "id": "249CBA5B66260044B62E39399D6B9F244A48D1E592B1161909D570007F89EB54", 
"href": "https://www.ibm.com/support/pages/node/7015809", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-17T01:44:55", "description": "## Summary\n\nA vulnerability in Eclipse Jetty used by IBM InfoSphere Information Server was addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [DT225329](<https://www.ibm.com/mysupport/aCI3p000000D036> \"DT225329\" )| \\--Upgrade the Information Server Update installer to [11.7.1.125](<https://www.ibm.com/support/pages/node/618871> \"11.7.1.125\" ) or later \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-16T20:40:24", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26049)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-11-16T20:40:24", "id": "0AA4C144A9AD1C920DEB05F8F9B652C8F551D731D57E67AE40CED2868B3F4619", "href": "https://www.ibm.com/support/pages/node/7070740", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2023-11-21T17:44:56", "description": "## Summary\n\nThere is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Maximo Application Suite - Manage Component| \n\nMAS 8.10.0 - Manage 8.6.0 \n \n## Remediation/Fixes\n\n**For IBM Maximo Manage application in IBM Maximo Application Suite:**\n\n**MAS**| **Manage Patch Fix or Release** \n---|--- \n[Upgrade to MAS 8.10.X](<https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading>)| \n\nUpgrade to Manage 8.6.4 or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-21T13:24:41", "type": "ibm", "title": 
"Security Bulletin: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-11-21T13:24:41", "id": "2685C67792A944C5EA20F8088BC8F9FCF5A3D1AEB731FDF7D1B21072FC55A8BF", "href": "https://www.ibm.com/support/pages/node/7080156", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:48:21", "description": "## Summary\n\nIBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty that could allow a remote authenticated attacker to obtain sensitive information. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Enterprise Records| All \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Enterprise Records| 5.2.1| \n\nUse IBM Enterprise Records [5.2.1.8 IF004](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Enterprise+Records&release=5.2.1.8IF004&platform=All&function=all> \"5.2.1.8 IF004\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-27T07:12:06", "type": "ibm", "title": "Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-09-27T07:12:06", "id": "312FEA8CBB6FB09139A0372941C757E6353A133DED964ECB82D11B9931ED6F3C", "href": "https://www.ibm.com/support/pages/node/7040603", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:46:13", "description": "## Summary\n\nThe 
jetty-http-9.4.48.v20220622.jar package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVE [ CVE-2023-26049].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://vulners.com/cve/CVE-2023-26049>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integrated Analytics System| 1.0.0-1.0.28.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**\n\nAffected Product(s)| VRMF| Remediation/Fixes \n---|---|--- \nIBM Integrated Analytics System| 1.0.28.1| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=1.0.28.1-IM-IIAS-fp247&product=ibm%2FInformation%20Management%2FIBM%20Integrated%20Analytics%20System&source=dbluesearch&mhsrc=ibmsearch_a&mhq=1%26period%3B0%26period%3B28%26period%3B1&function=fixId&parent=ibm/Information%20Management>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-31T08:09:30", "type": "ibm", "title": "Security Bulletin: Vulnerability in jetty-http-9.4.48.v20220622.jar affects IBM Integrated Analytics System (Sailfish) [CVE-2023-26049]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-10-31T08:09:30", "id": "9E000F7476556476AEE95CB4146B2A253514DEE75B0311EF33234ADF9D66D80E", "href": "https://www.ibm.com/support/pages/node/7063256", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:46:05", "description": "## Summary\n\nThere is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26049)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. 
\nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Product versions affected:**\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Asset Management| 7.6.1.3 \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. Please consult the [Platform Matrix](<https://www.ibm.com/support/pages/node/1288432> \"Platform Matrix\" ) for a list of supported product combinations.\n\n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. 
Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix.\n\n**For Maximo Asset Management 7.6:**\n\nVRM| Fix Pack, Feature Pack, or Interim Fix| Download \n---|---|--- \n7.6.1.3| \n\nMaximo Asset Management 7.6.1.3 iFix:\n\n[7.6.1.3-TIV-MBS-IF011](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=fixId&fixids=7.6.1.3-TIV-MBS-IF011&includeSupersedes=0&source=fc> \"7.6.1.3-TIV-MBS-IF011\" ) or latest Interim Fix available\n\n| \n\n[FixCentral](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=all> \"FixCentral\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-06T12:49:56", "type": "ibm", "title": "Security Bulletin: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Asset Management application (CVE-2023-26049)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], 
"modified": "2023-11-06T12:49:56", "id": "FDC7D258B406CB52E1FC58756F0FBB67532C0E63F0746896966795ABAA9C2BF4", "href": "https://www.ibm.com/support/pages/node/7067416", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T17:54:05", "description": "## Summary\n\nA vulnerability exists in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-26049](<https://vulners.com/cve/CVE-2023-26049>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253355>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Process Designer 8.5.7 is shipped with the following versions of IBM Business Automation Workflow:\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| 19.0.0.3 - 22.0.2 \n \n \n\n\n## Remediation/Fixes\n\nInstall interim fix DT213400 for your version:\n\n * [IBM Business Automation Workflow 22.0.2](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=fixId&fixids=8.6.40022020-WS-BPMPCPD-IFDT213400&includeSupersedes=0&source=fc>)\n * [IBM Business Automation Workflow 21.0.3](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=fixId&fixids=8.6.30021031-WS-BPMPCPD-IFDT213400&includeSupersedes=0&source=fc>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-17T22:40:46", "type": "ibm", "title": "Security Bulletin: A CVE-2023-26049 vulnerability in Eclipse Jetty affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-05-17T22:40:46", "id": "E10BC13298A9A4496B5501AD4EE6BBBE01F92EC5AEB159012EF32968ADD4E4AE", "href": "https://www.ibm.com/support/pages/node/6995451", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T18:13:04", "description": "## Summary\n\nIBM Enterprise Records may be affected by vulnerability found in Eclipse Jetty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Enterprise Records| 5.2.x \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nIBM Enterprise Records| 5.2.1| \n\nUse IBM Enterprise Records [5.2.1.8 IF002](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Enterprise+Records&release=5.2.1.8IF002&platform=All&function=all> \"5.2.1.8 IF002\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-20T11:29:10", "type": "ibm", "title": "Security Bulletin: Vulnerability found in Eclipse Jetty may affect IBM Enterprise Records", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28165"], "modified": "2022-10-20T11:29:10", "id": "407C5BA6F87D87480BE2E35485ACB27324098C08D9473ABCDC85674836045459", "href": "https://www.ibm.com/support/pages/node/6830871", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2023-12-02T17:55:05", "description": "## Summary\n\nMultiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28169](<https://vulners.com/cve/CVE-2021-28169>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34428](<https://vulners.com/cve/CVE-2021-34428>) \n** DESCRIPTION: **Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an exception is thrown from the SessionListener#sessionDestroyed() method. By gaining access to the application on the shared computer, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28163](<https://vulners.com/cve/CVE-2021-28163>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28164](<https://vulners.com/cve/CVE-2021-28164>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper input validation by the default compliance mode. By sending specially-crafted requests with URIs that contain %2e or %2e%2e segments, an attacker could exploit this vulnerability to access protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-34429](<https://vulners.com/cve/CVE-2021-34429>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted URI, an attacker could exploit this vulnerability to obtain the content of the WEB-INF directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205596>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2191](<https://vulners.com/cve/CVE-2022-2191>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in which SslConnection does not release ByteBuffers from the configured ByteBufferPool in error code paths. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2047](<https://vulners.com/cve/CVE-2022-2047>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet to wrongly interpret an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-2048](<https://vulners.com/cve/CVE-2022-2048>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **230016 \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the production servers spiking with CPU use. A remote attacker could exploit this vulnerability to consume CPU that remains high even without any traffic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/230016 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230016>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.7| [JR64675](<http://www.ibm.com/support/docview.wss?uid=swg1JR64675> \"JR64675\" ) \n[DT160842 ](<https://www.ibm.com/mysupport/aCI3p000000PY8x> \"DT160842\" ) \n[DT198779](<https://ibmsf.lightning.force.com/lightning/r/Defect__c/aCI3p000000LE0e> \"DT198779\" )| \\--Upgrade your Update Installer to [version 11.7.1.116](<https://www.ibm.com/support/pages/node/6574447> \"version 11.7.1.116\" ) or later \n \n\\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"11.7.1.4\" ) \n\\--For shared open source on the services tier, apply Information Server [11.7.1.4 Service pack 1](<https://www.ibm.com/support/pages/node/6989459>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-17T02:32:10", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-34428", "CVE-2021-34429", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2191"], "modified": "2023-05-17T02:32:10", "id": "25DE8BF64C58EFD9DD2C92C9D544C32FD6567CEC26CF6C9D70956F831B66255A", "href": "https://www.ibm.com/support/pages/node/6829321", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-05-27T17:58:26", "description": "## Summary\n\nCVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach 100% usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy| 7.1.1.1 \nUCD - IBM UrbanCode Deploy| 7.0.5.3 \nUCD - IBM UrbanCode Deploy| 7.1.1.2 \nUCD - IBM UrbanCode Deploy| 7.1.1.0 \nUCD - IBM UrbanCode Deploy| 7.1.0.0 \nUCD - IBM UrbanCode Deploy| 7.0.5.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.3 \nUCD - IBM UrbanCode Deploy| 6.2.7.8 \nUCD - IBM UrbanCode Deploy| 7.0.4.0 \nUCD - IBM UrbanCode Deploy| 6.2.7.9 \nUCD - IBM UrbanCode Deploy| 7.0.3.0 \nUCD - IBM UrbanCode Deploy| All \n \n## Remediation/Fixes\n\nUpgrade to 6.2.7.11, 7.0.5.6, 7.1.2.2\n\n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=6.2.7.11-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=6.2.7.11-IBM-UrbanCode-Deploy>)\n\n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.6-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.6-IBM-UrbanCode-Deploy>)\n\n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.2-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.2-IBM-UrbanCode-Deploy>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-30T05:02:26", "type": "ibm", "title": "Security Bulletin: CVE-2021-28165 In Eclipse Jetty CPU usage can reach 100% upon receiving a large invalid TLS frame.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28165"], "modified": "2021-07-30T05:02:26", "id": "C10FBBF5A8E11974F87E6A099C17E72598C3522DD897AF08DEDE1BCE75AC993E", "href": "https://www.ibm.com/support/pages/node/6469939", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-02T17:49:26", "description": "## Summary\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions - Transaction Tracking has addressed the following dom4j-1.6.1.jar vulnerability and updated dom4j-1.6.1.jar to version 2.1.4\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-10683](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) \n**DESCRIPTION: **dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nITCAM for Transactions | 7.4.0.2 \n \n## Remediation/Fixes\n\nITCAM for Transaction Tracking 7.4.0.2 IFix 22 - [7.4.0.2-TIV-CAMTT-IF0022](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMTT-IF0022&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-30T15:30:21", "type": "ibm", "title": "Security Bulletin: ITCAM for Transactions affect by the Security vulnerability CVE-2020-10683 found in dom4j-1.6.1.jar", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10683"], "modified": "2023-08-30T15:30:21", "id": "7BE11F93427DE2496C264310F6C3E92E19016A048F64608DB74BA4A182CBE343", "href": 
"https://www.ibm.com/support/pages/node/7029833", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T14:43:52", "description": "## Summary\n\nwhen Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-27223](<https://vulners.com/cve/CVE-2020-27223>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request containing multiple Accept headers with a large number of quality parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust minutes of CPU time. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197559>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy| 7.1.1.1 \nUCD - IBM UrbanCode Deploy| 7.0.5.3 \nUCD - IBM UrbanCode Deploy| 7.1.1.2 \nUCD - IBM UrbanCode Deploy| 7.1.1.0 \nUCD - IBM UrbanCode Deploy| 7.1.0.0 \nUCD - IBM UrbanCode Deploy| 7.0.5.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.3 \nUCD - IBM UrbanCode Deploy| 6.2.7.8 \nUCD - IBM UrbanCode Deploy| 7.0.4.0 \nUCD - IBM UrbanCode Deploy| 6.2.7.9 \nUCD - IBM UrbanCode Deploy| 7.0.3.0 \nUCD - IBM UrbanCode Deploy| All \n \n## Remediation/Fixes\n\nUpgrade to 7.0.5.5, 7.1.2.1, 7.2.0.0\n\n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.5-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.5-IBM-UrbanCode-Deploy>) \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.1-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.1-IBM-UrbanCode-Deploy>) \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-07-30T05:03:40", "type": "ibm", "title": "Security Bulletin: CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2021-07-30T05:03:40", "id": "1AA4611E8CEF92D7DAB3035A8D24E6E9D88F1CF99EEC6736B41463D5EEF4773E", "href": "https://www.ibm.com/support/pages/node/6469935", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:47:31", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses the Apache Axis Library. 
Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3596_](<https://vulners.com/cve/CVE-2014-3596>)** \nDESCRIPTION:** Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \n_CVSS Base Score: 4.3 \nCVSS Temporal Score: See _[__http://xforce.iss.net/xforce/xfdb/95377__](<http://xforce.iss.net/xforce/xfdb/95377>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)_\n\n## Affected Products and Versions\n\nIBM C\u00faram Social Program Management 7.0.0.0 - 7.0.1.0 \nIBM C\u00faram Social Program Management 6.2.0.0 - 6.2.0.5 \nIBM C\u00faram Social Program Management 6.1.0.0 - 6.1.1.5 \nIBM C\u00faram Social Program Management 6.0.5.0 - 6.0.5.10\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| _Remediation/First Fix_ \n---|---|--- \nIBM C\u00faram Social Program Management| 7.0| Visit IBM Fix Central and upgrade to [_7.0.1.1_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.1.0&platform=All&function=all>) or a subsequent 7.0.1 release \nIBM C\u00faram Social Program Management| 6.2| Visit IBM Fix Central and upgrade to 
[_6.2.0.6_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.2.0.0&platform=All&function=all>) or a subsequent 6.2.0 release \nIBM C\u00faram Social Program Management| 6.1| Visit IBM Fix Central and upgrade to [_6.1.1.6_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.1.1.0&platform=All&function=all>) or a subsequent 6.1.1 release \nIBM C\u00faram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to [_6.0.5.10 iFix2_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.0.5.10&platform=All&function=all>) or a subsequent 6.0.5 release \n \n## Workarounds and Mitigations\n\nFor information on all other versions please contact C\u00faram Customer Support.\n\n## ", "cvss3": {}, "published": "2018-06-17T13:09:42", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Axis affects IBM C\u00faram Social Program Management (CVE-2014-3596)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3596"], "modified": "2018-06-17T13:09:42", "id": "F9C229042A5C2BB4BE36D2B0476341BBA6F9EE37AE5E8587651396738580B253", "href": "https://www.ibm.com/support/pages/node/296897", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": 
"2023-12-02T17:48:59", "description": "## Summary\n\nVulnerability have been identified in velocity-1.7.jar which is shipped with IBM\u00ae Intelligent Operations Center. Information about this vulnerability affecting IBM\u00ae Intelligent Operations Center have been published and addressed the applicable CVEs. [CVE-2020-13936]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13936](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197993>) \n** DESCRIPTION: **Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197993](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197993>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.\n\nDownload the IBM Intelligent Operations Center Version 5.2.4 is an upgrade to IBM Intelligent Operations Center Version 5.2.3 through IBM Intelligent Operations Center Version 5.2 from the following link:\n\n[IBM Intelligent Operations Center Version 5.2.4](<https://www.ibm.com/support/pages/node/7022369>)\n\nInstallation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-07T10:42:42", "type": "ibm", "title": "Security Bulletin: Vulnerability found in velocity-1.7.jar which is shipped with IBM\u00ae Intelligent Operations Center [CVE-2020-13936]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-09-07T10:42:42", "id": "945A7F42BA5C20E540020137746666888ECCF80B8525C6A9C67236A3E2922892", "href": "https://www.ibm.com/support/pages/node/7030918", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T17:49:20", "description": "## Summary\n\nAn attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. IBM has addressed the vulnerability. [CVE-2020-13936]\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-13936](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197993>) \n**DESCRIPTION: **Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. 
By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197993](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197993>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nICP - IBM Match 360 | 4.7.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading to Match 360 v4.7.1 or higher.** \n\n\n**Product(s)** | **Version(s) ** | **Remediation/Fix/Instructions** \n---|---|--- \nICP - IBM Match 360 | 4.7.0 | \n\nPlease follow [instructions](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=u-upgrading-from-version-47> \"instructions\" ) to upgrade to 4.7.1 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-01T16:32:38", "type": "ibm", "title": "Security Bulletin: IBM Match 360 is affected due to a denial of service due to vulnerability in Apache Velocity Engine [CVE-2020-13936]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-09-01T16:32:38", "id": "37BE836A5BB19C4471A88D043C073A06FB3CBC59B13C39869F580917AFF132C2", "href": "https://www.ibm.com/support/pages/node/7030371", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-07-21T08:18:52", "description": "\nA vulnerability was fixed in axis, a SOAP implementation in Java:\n\n\nThe getCN function in Apache Axis 1.4 and earlier does not properly verify\n that the server hostname matches a domain name in the subject's Common Name\n (CN) or subjectAltName field of the X.509 certificate, which allows\n man-in-the-middle attackers to spoof SSL servers via a certificate with a\n subject that specifies a common name in a field that is not the CN field.\n\n\nThanks to Markus Koschany for providing the fixed package and David Jorm\n and Arun Neelicattu (Red Hat Product Security) for providing the patch.\n\n\nFor Debian 6 Squeeze, these issues have been fixed in axis version 1.4-12+deb6u1\n\n\n", "cvss3": {}, "published": "2015-03-10T00:00:00", "type": "osv", "title": "axis - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2022-07-21T05:52:31", "id": "OSV:DLA-169-1", "href": "https://osv.dev/vulnerability/DLA-169-1", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-04-11T01:45:18", "description": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.", "cvss3": {}, "published": "2018-10-16T20:50:58", "type": "osv", "title": "Moderate severity vulnerability that affects org.apache.axis:axis", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2023-04-11T01:45:14", "id": "OSV:GHSA-R53V-VM87-F72C", "href": "https://osv.dev/vulnerability/GHSA-r53v-vm87-f72c", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-10-15T17:43:44", "description": "\nBatik is a toolkit for applications or applets that want to use images\nin the Scalable Vector Graphics (SVG) format for various purposes,\nsuch as viewing, generation or manipulation.\n\n\n* [CVE-2020-11987](https://security-tracker.debian.org/tracker/CVE-2020-11987)\nA server-side request forgery was found,\n caused by improper input validation by the NodePickerPanel.\n By using a specially-crafted argument, an attacker could exploit\n this vulnerability to cause the underlying server to make\n arbitrary GET requests.\n* 
[CVE-2022-38398](https://security-tracker.debian.org/tracker/CVE-2022-38398)\nA Server-Side Request Forgery (SSRF) vulnerability\n was found that allows an attacker to load a url thru the jar\n protocol.\n* [CVE-2022-38648](https://security-tracker.debian.org/tracker/CVE-2022-38648)\nA Server-Side Request Forgery (SSRF) vulnerability\n was found that allows an attacker to fetch external resources.\n* [CVE-2022-40146](https://security-tracker.debian.org/tracker/CVE-2022-40146)\nA Server-Side Request Forgery (SSRF) vulnerability\n was found that allows an attacker to access files using a Jar url.\n* [CVE-2022-44729](https://security-tracker.debian.org/tracker/CVE-2022-44729)\nA Server-Side Request Forgery (SSRF) vulnerability\n was found. A malicious SVG could trigger loading external resources\n by default, causing resource consumption or in some\n cases even information disclosure.\n* [CVE-2022-44730](https://security-tracker.debian.org/tracker/CVE-2022-44730)\nA Server-Side Request Forgery (SSRF) vulnerability\n was found. 
A malicious SVG can probe user profile / data and send\n it directly as parameter to a URL.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n1.10-2+deb10u3.\n\n\nWe recommend that you upgrade your batik packages.\n\n\nFor the detailed security status of batik please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/batik>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-10-14T00:00:00", "type": "osv", "title": "batik - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-44729", "CVE-2022-44730"], "modified": "2023-10-14T23:18:56", "id": "OSV:DLA-3619-1", "href": "https://osv.dev/vulnerability/DLA-3619-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-13T23:01:20", "description": "Nonstandard cookie parsing in Jetty may 
allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.\n\nIf Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered.\n\nSo, a cookie header such as:\n\n`DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d`\n\ninstead of 3 separate cookies.\n\n### Impact\nThis has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server.\n\n### Patches\n* 9.4.51.v20230217 - via PR #9352\n* 10.0.15 - via PR #9339\n* 11.0.15 - via PR #9339\n\n### Workarounds\nNo workarounds\n\n### References\n* https://www.rfc-editor.org/rfc/rfc2965\n* https://www.rfc-editor.org/rfc/rfc6265\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-04-18T22:19:57", "type": "osv", "title": "Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-06-13T23:00:55", "id": "OSV:GHSA-P26G-97M4-6Q7C", "href": "https://osv.dev/vulnerability/GHSA-p26g-97m4-6q7c", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-11T01:38:35", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-23T00:00:39", "type": "osv", "title": "Apache Batik Server-Side Request Forgery ", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-38398"], "modified": "2023-04-11T01:38:33", "id": "OSV:GHSA-C5XV-QC8P-MH2V", "href": "https://osv.dev/vulnerability/GHSA-c5xv-qc8p-mh2v", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:48:37", "description": "\nIt was discovered that there was a potential arbitrary code execution\nvulnerability in velocity, a Java-based template engine for writing web\napplications. 
It could be exploited by applications which allowed untrusted\nusers to upload/modify templates.\n\n\n* [CVE-2020-13936](https://security-tracker.debian.org/tracker/CVE-2020-13936)\nAn attacker that is able to modify Velocity templates may execute\n arbitrary Java code or run arbitrary system commands with the same\n privileges as the account running the Servlet container. This applies to\n applications that allow untrusted users to upload/modify velocity templates\n running Apache Velocity Engine versions up to 2.2.\n\n\nFor Debian 9 Stretch, these problems have been fixed in version\n1.7-5+deb9u1.\n\n\nWe recommend that you upgrade your velocity packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-17T00:00:00", "type": "osv", "title": "velocity - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-06-28T06:48:12", "id": "OSV:DLA-2595-1", "href": 
"https://osv.dev/vulnerability/DLA-2595-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-04-11T01:34:04", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-23T00:00:40", "type": "osv", "title": "Apache Batik vulnerable to Server-Side Request Forgery", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-40146"], "modified": "2023-04-11T01:33:34", "id": "OSV:GHSA-H4QG-P7R2-CPG3", "href": "https://osv.dev/vulnerability/GHSA-h4qg-p7r2-cpg3", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-05T05:19:16", "description": "\nAn issue has been found in axis, a SOAP implementation in Java.\nThe issue is related to a cross-site scripting (XSS) attack in the default\nservlet/services.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.4-25+deb9u1.\n\n\nWe recommend that you upgrade your axis packages.\n\n\nFor the detailed security status of axis please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/axis>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-11-17T00:00:00", "type": "osv", "title": "axis - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2022-08-05T05:19:14", "id": "OSV:DLA-2821-1", "href": "https://osv.dev/vulnerability/DLA-2821-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-11T01:36:03", "description": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-10-16T20:51:15", "type": "osv", "title": "Moderate severity vulnerability that affects apache axis", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2023-04-11T01:36:00", "id": "OSV:GHSA-96JQ-75WH-2658", "href": "https://osv.dev/vulnerability/GHSA-96jq-75wh-2658", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-17T23:02:38", "description": "The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.", "cvss3": {}, "published": "2022-05-02T03:53:13", "type": "osv", "title": "Use of Password Hash With Insufficient Computational Effort in Apache Derby", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4269"], "modified": "2022-06-17T22:23:08", "id": "OSV:GHSA-FH32-35W2-RXCC", "href": "https://osv.dev/vulnerability/GHSA-fh32-35w2-rxcc", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-28T05:22:43", "description": "### Impact\nWhen Jetty handles a request containing request headers with a large number of \u201cquality\u201d (i.e. 
q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application.\n\nThe only features within Jetty that can trigger this behavior are:\n\n- Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc)\n- `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc)\n- `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which \u201cpreferred\u201d language is returned on this call.\n- `HttpServletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header.\n- `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app)\n\n### Versions\n`QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. 
\n\nCurrently, known vulnerable versions include:\n\n- 9.4.6.v20170531 thru to 9.4.36.v20210114\n- 10.0.0\n- 11.0.0\n\n### Workarounds\n\nQuality ordered values are used infrequently by jetty so they can be avoided by:\n\n * Do not use the default error page/handler.\n * Do not deploy the `StatisticsServlet` exposed to the network\n * Do not call `getLocale` API\n * Do not enable precompressed static content in the `DefaultServlet` \n\n### Patches\n\nAll patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php)\n- 9.4.37.v20210219 and greater\n- 10.0.1 and greater \n- 11.0.1 and greater", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-10T03:46:47", "type": "osv", "title": "DOS vulnerability for Quoted Quality CSV headers", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-03-28T05:22:41", "id": "OSV:GHSA-M394-8RWW-3JR7", "href": "https://osv.dev/vulnerability/GHSA-m394-8rww-3jr7", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2023-03-28T05:44:58", "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.\n\nThis occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check.\n\n### Impact\nThis affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3.\n\n### Workarounds\n\nIf you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-06-10T15:43:22", "type": "osv", "title": "Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability", "bulletinFamily": 
"software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169"], "modified": "2023-03-28T05:44:52", "id": "OSV:GHSA-GWCR-J4WH-J3CQ", "href": "https://osv.dev/vulnerability/GHSA-gwcr-j4wh-j3cq", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-11T01:44:57", "description": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T20:32:36", "type": "osv", "title": "Sandbox Bypass in Apache Velocity Engine", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-04-11T01:44:54", "id": "OSV:GHSA-59J4-WJWP-MW9M", "href": "https://osv.dev/vulnerability/GHSA-59j4-wjwp-mw9m", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:14:08", "description": "\nIt was discovered that the Commandline class in maven-shared-utils, a\ncollection of various utility classes for the Maven build system, can emit\ndouble-quoted strings without proper escaping, allowing shell injection\nattacks.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.0.0-1+deb9u1.\n\n\nWe recommend that you upgrade your maven-shared-utils packages.\n\n\nFor the detailed security status of maven-shared-utils please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/maven-shared-utils>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-06-29T00:00:00", "type": "osv", "title": "maven-shared-utils - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29599"], "modified": "2022-07-21T05:54:14", "id": "OSV:DLA-3059-1", "href": "https://osv.dev/vulnerability/DLA-3059-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-23T22:31:01", "description": "Package : axis\nVersion : 1.4-12+deb6u1\nCVE ID : CVE-2012-5784 CVE-2014-3596\nDebian Bug : 762444\n\n A vulnerability was fixed in axis, a SOAP implementation in Java:\n\n The getCN function in Apache Axis 1.4 and earlier does not properly verify\n that the server hostname matches a domain name in the subject's Common Name\n (CN) or subjectAltName field of the X.509 certificate, which allows\n man-in-the-middle attackers to spoof SSL servers via a certificate with a\n subject that specifies a common name in a field that is not the CN field.\n\n Thanks to Markus Koschany for providing the fixed package and David Jorm \n and Arun Neelicattu (Red Hat Product Security) for providing the patch.\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part.\n", "cvss3": {}, "published": "2015-03-10T18:47:07", "type": "debian", "title": "[SECURITY] [DLA 169-1] axis security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", 
"CVE-2014-3596"], "modified": "2015-03-10T18:47:07", "id": "DEBIAN:DLA-169-1:D3370", "href": "https://lists.debian.org/debian-lts-announce/2015/03/msg00006.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-02T17:16:18", "description": "Package : axis\nVersion : 1.4-12+deb6u1\nCVE ID : CVE-2012-5784 CVE-2014-3596\nDebian Bug : 762444\n\n A vulnerability was fixed in axis, a SOAP implementation in Java:\n\n The getCN function in Apache Axis 1.4 and earlier does not properly verify\n that the server hostname matches a domain name in the subject's Common Name\n (CN) or subjectAltName field of the X.509 certificate, which allows\n man-in-the-middle attackers to spoof SSL servers via a certificate with a\n subject that specifies a common name in a field that is not the CN field.\n\n Thanks to Markus Koschany for providing the fixed package and David Jorm \n and Arun Neelicattu (Red Hat Product Security) for providing the patch.\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part.\n", "cvss3": {}, "published": "2015-03-10T18:47:07", "type": "debian", "title": "[SECURITY] [DLA 169-1] axis security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2015-03-10T18:47:07", "id": "DEBIAN:DLA-169-1:4CEDF", "href": "https://lists.debian.org/debian-lts-announce/2015/03/msg00006.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-01T16:11:06", 
"description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2821-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Thorsten Alteholz\nNovember 17, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : axis\nVersion : 1.4-25+deb9u1\nCVE ID : CVE-2018-8032\n\n\nAn issue has been found in axis, a SOAP implementation in Java.\nThe issue is related to a cross-site scripting (XSS) attack in the default \nservlet/services.\n\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.4-25+deb9u1.\n\nWe recommend that you upgrade your axis packages.\n\nFor the detailed security status of axis please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/axis\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-11-17T11:35:47", "type": "debian", "title": "[SECURITY] [DLA 2821-1] axis security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2021-11-17T11:35:47", "id": "DEBIAN:DLA-2821-1:A72F4", "href": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T12:22:18", "description": "Package : dom4j\nVersion : 1.6.1+dfsg.3-2+deb8u2\nCVE ID : CVE-2020-10683\nDebian Bug : 958055\n\n\nA flaw was found in dom4j library. By using the default\nSaxReader() provided by Dom4J, external DTDs and External\nEntities are allowed, resulting in a possible XXE.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.6.1+dfsg.3-2+deb8u2.\n\nWe recommend that you upgrade your dom4j packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-30T22:00:18", "type": "debian", "title": "[SECURITY] [DLA 2191-1] dom4j security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10683"], "modified": "2020-04-30T22:00:18", "id": "DEBIAN:DLA-2191-1:6C344", "href": "https://lists.debian.org/debian-lts-announce/2020/04/msg00029.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T10:41:56", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2595-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nMarch 17, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : velocity\nVersion : 1.7-5+deb9u1\nCVE ID : CVE-2020-13936\nDebian Bug : #985220\n\nIt was discovered that there was a potential arbitrary code execution\nvulnerability in velocity, a Java-based template engine for writing\nweb applications. It could be exploited by applications which allowed\nuntrusted users to upload/modify templates.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n1.7-5+deb9u1.\n\nWe recommend that you upgrade your velocity packages.\n\nFor the detailed security status of velocity please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/velocity\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-17T12:25:07", "type": "debian", "title": "[SECURITY] [DLA 2595-1] velocity security update", 
"bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2021-03-17T12:25:07", "id": "DEBIAN:DLA-2595-1:62C40", "href": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-02T15:39:43", "description": "The getCN function in Apache Axis 1.4 and earlier does not properly verify\nthat the server hostname matches a domain name in the subject's Common Name\n(CN) or subjectAltName field of the X.509 certificate, which allows\nman-in-the-middle attackers to spoof SSL servers via a certificate with a\nsubject that specifies a common name in a field that is not the CN field.\nNOTE: this issue exists because of an incomplete fix for CVE-2012-5784.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692650>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | fix for CVE-2012-5784 not applied to 12.04 LTS\n", "cvss3": {}, "published": "2014-08-27T00:00:00", "type": "ubuntucve", "title": "CVE-2014-3596", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2014-08-27T00:00:00", "id": "UB:CVE-2014-3596", "href": "https://ubuntu.com/security/CVE-2014-3596", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-02T15:49:33", "description": "Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass\nPay, PayPal Transactional Information SOAP, the Java Message Service\nimplementation in Apache ActiveMQ, and other products, does not verify that\nthe server hostname matches a domain name in the subject's Common Name (CN)\nor subjectAltName field of the X.509 certificate, which allows\nman-in-the-middle attackers to spoof SSL servers via an arbitrary valid\ncertificate.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692650>\n * <https://issues.apache.org/jira/browse/AXIS-2883>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5784>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | debian 1.4-16.1 has a possible regression. Nothing in the main archive seems to be directly affected by this, and changing it now may introduce failures in certain environments where the CN doesn't match the hostname. 
Downgrading priority to \"low\" \n[jdstrand](<https://launchpad.net/~jdstrand>) | if fixing this, also fix CVE-2014-3596\n", "cvss3": {}, "published": "2012-11-04T00:00:00", "type": "ubuntucve", "title": "CVE-2012-5784", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2012-11-04T00:00:00", "id": "UB:CVE-2012-5784", "href": "https://ubuntu.com/security/CVE-2012-5784", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-13T13:19:23", "description": "Jetty is a java based web server and servlet engine. Nonstandard cookie\nparsing in Jetty may allow an attacker to smuggle cookies within other\ncookies, or otherwise perform unintended behavior by tampering with the\ncookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"`\n(double quote), it will continue to read the cookie string until it sees a\nclosing quote -- even if a semicolon is encountered. So, a cookie header\nsuch as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one\ncookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337;\nc=d instead of 3 separate cookies. This has security implications because\nif, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie\nvalue is rendered on the page, an attacker can smuggle the JSESSIONID\ncookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. 
This is\nsignificant when an intermediary is enacting some policy based on cookies,\nso a smuggled cookie can bypass that policy yet still be seen by the Jetty\nserver or its logging system. This issue has been addressed in versions\n9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to\nupgrade. There are no known workarounds for this issue.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-18T00:00:00", "type": "ubuntucve", "title": "CVE-2023-26049", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-04-18T00:00:00", "id": "UB:CVE-2023-26049", "href": "https://ubuntu.com/security/CVE-2023-26049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T14:56:02", "description": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site\nscripting (XSS) attack in the default servlet/services.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905328>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-08-02T00:00:00", "type": "ubuntucve", "title": "CVE-2018-8032", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2018-08-02T00:00:00", "id": "UB:CVE-2018-8032", "href": "https://ubuntu.com/security/CVE-2018-8032", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T13:34:32", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML\nGraphics allows an attacker to fetch external resources. 
This issue affects\nApache XML Graphics Batik 1.14.\n\n#### Bugs\n\n * <https://issues.apache.org/jira/browse/BATIK-1333>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-22T00:00:00", "type": "ubuntucve", "title": "CVE-2022-38648", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38648"], "modified": "2022-09-22T00:00:00", "id": "UB:CVE-2022-38648", "href": "https://ubuntu.com/security/CVE-2022-38648", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T13:34:31", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML\nGraphics allows an attacker to access files using a Jar url. 
This issue\naffects Apache XML Graphics Batik 1.14.\n\n#### Bugs\n\n * <https://issues.apache.org/jira/browse/BATIK-1335>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-22T00:00:00", "type": "ubuntucve", "title": "CVE-2022-40146", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2022-09-22T00:00:00", "id": "UB:CVE-2022-40146", "href": "https://ubuntu.com/security/CVE-2022-40146", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T13:34:32", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML\nGraphics allows an attacker to load a url thru the jar protocol. 
This issue\naffects Apache XML Graphics Batik 1.14.\n\n#### Bugs\n\n * <https://issues.apache.org/jira/browse/BATIK-1331>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-22T00:00:00", "type": "ubuntucve", "title": "CVE-2022-38398", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398"], "modified": "2022-09-22T00:00:00", "id": "UB:CVE-2022-38398", "href": "https://ubuntu.com/security/CVE-2022-38398", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T14:08:37", "description": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0,\nand 11.0.0 when Jetty handles a request containing multiple Accept headers\nwith a large number of \u201cquality\u201d (i.e. 
q) parameters, the server may enter\na denial of service (DoS) state due to high CPU usage processing those\nquality values, resulting in minutes of CPU time exhausted processing those\nquality values.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-02-26T00:00:00", "type": "ubuntucve", "title": "CVE-2020-27223", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2021-02-26T00:00:00", "id": "UB:CVE-2020-27223", "href": "https://ubuntu.com/security/CVE-2020-27223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-02T14:07:46", "description": "An attacker that is able to modify Velocity templates may execute arbitrary\nJava code or run arbitrary system commands with the same privileges as the\naccount running the Servlet container. 
This applies to applications that\nallow untrusted users to upload/modify velocity templates running Apache\nVelocity Engine versions up to 2.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T00:00:00", "type": "ubuntucve", "title": "CVE-2020-13936", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2021-03-10T00:00:00", "id": "UB:CVE-2020-13936", "href": "https://ubuntu.com/security/CVE-2020-13936", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T16:00:14", "description": "The password hash generation algorithm in the BUILTIN authentication\nfunctionality for Apache Derby before 10.6.1.0 performs a transformation\nthat reduces the size of the set of inputs to SHA-1, which produces a small\nsearch space that makes it easier for local and possibly remote attackers\nto crack passwords by generating hash collisions, related to password\nsubstitution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ebarretto](<https://launchpad.net/~ebarretto>) | ignoring this CVE for esm-apps/xenial because we don't have plans to fix this.\n", 
"cvss3": {}, "published": "2010-08-16T00:00:00", "type": "ubuntucve", "title": "CVE-2009-4269", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4269"], "modified": "2010-08-16T00:00:00", "id": "UB:CVE-2009-4269", "href": "https://ubuntu.com/security/CVE-2009-4269", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-12-01T10:27:50", "description": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. 
NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.", "cvss3": {}, "published": "2014-08-27T00:55:00", "type": "cve", "title": "CVE-2014-3596", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2023-02-13T00:40:00", "cpe": ["cpe:/a:apache:axis:1.1", "cpe:/a:apache:axis:1.3", "cpe:/a:apache:axis:1.4", "cpe:/a:apache:axis:1.2.1", "cpe:/a:apache:axis:1.2", "cpe:/a:apache:axis:1.0"], "id": "CVE-2014-3596", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*"]}, 
{"lastseen": "2023-11-11T17:44:57", "description": "Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. 
There are no known workarounds for this issue.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-18T21:15:09", "type": "cve", "title": "CVE-2023-26049", "cwe": ["CWE-200", "NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-09-30T15:15:09", "cpe": ["cpe:/a:eclipse:jetty:12.0.0", "cpe:/a:eclipse:jetty:12.0.0", "cpe:/a:eclipse:jetty:12.0.0"], "id": "CVE-2023-26049", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:eclipse:jetty:12.0.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:12.0.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:12.0.0:alpha3:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T18:03:58", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. 
This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-22T15:15:00", "type": "cve", "title": "CVE-2022-38398", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398"], "modified": "2023-10-30T02:18:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/a:apache:batik:1.14"], "id": "CVE-2022-38398", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38398", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:batik:1.14:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T15:21:59", "description": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 
This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T08:15:00", "type": "cve", "title": "CVE-2020-13936", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-11-07T03:17:00", "cpe": ["cpe:/a:oracle:retail_xstore_office_cloud_service:17.0.4", "cpe:/a:oracle:communications_network_integrity:7.3.6", "cpe:/a:oracle:banking_platform:2.6.2", "cpe:/a:oracle:banking_enterprise_default_management:2.7.1", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:retail_xstore_office_cloud_service:18.0.3", "cpe:/a:oracle:retail_xstore_office_cloud_service:19.0.2", "cpe:/a:oracle:banking_enterprise_default_management:2.4.1", "cpe:/a:apache:wss4j:2.3.1", "cpe:/a:oracle:banking_enterprise_default_management:2.10.0", "cpe:/a:oracle:retail_service_backbone:19.0.1", "cpe:/a:oracle:utilities_testing_accelerator:6.0.0.2.2", "cpe:/a:oracle:utilities_testing_accelerator:6.0.0.3.1", 
"cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0", "cpe:/a:oracle:banking_enterprise_default_management:2.6.2", "cpe:/a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0", "cpe:/a:oracle:utilities_testing_accelerator:6.0.0.1.1", "cpe:/a:oracle:hospitality_token_proxy_service:19.2", "cpe:/a:oracle:banking_enterprise_default_management:2.12.0", "cpe:/a:oracle:retail_integration_bus:19.0.1", "cpe:/a:oracle:retail_order_broker:16.0", "cpe:/a:oracle:banking_party_management:2.7.0", "cpe:/a:oracle:banking_platform:2.7.1", "cpe:/a:oracle:banking_platform:2.4.1", "cpe:/a:oracle:retail_xstore_office_cloud_service:16.0.6", "cpe:/a:oracle:banking_loans_servicing:2.12.0", "cpe:/a:oracle:retail_xstore_office_cloud_service:20.0.1"], "id": "CVE-2020-13936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13936", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:oracle:retail_xstore_office_cloud_service:16.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_enterprise_default_management:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:wss4j:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:18.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T14:59:32", "description": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-01T15:15:00", "type": "cve", "title": "CVE-2021-28165", "cwe": ["CWE-755"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28165"], "modified": "2023-11-07T03:32:00", "cpe": ["cpe:/a:oracle:communications_session_report_manager:8.2.4.0", "cpe:/a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2", "cpe:/a:oracle:siebel_core_-_automation:21.9", "cpe:/a:oracle:communications_services_gatekeeper:7.0", "cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0", "cpe:/a:oracle:communications_session_route_manager:8.2.4.0", "cpe:/a:oracle:communications_element_manager:8.2.2", "cpe:/a:netapp:santricity_cloud_connector:-"], "id": "CVE-2021-28165", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28165", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_core_-_automation:21.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-01T15:47:03", "description": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", 
"userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-08-02T13:29:00", "type": "cve", "title": "CVE-2018-8032", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2023-11-07T03:01:00", "cpe": ["cpe:/a:oracle:retail_order_broker:18.0", "cpe:/a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2", "cpe:/a:oracle:financial_services_compliance_regulatory_reporting:8.0.8", "cpe:/a:oracle:endeca_information_discovery_studio:3.2.0", "cpe:/a:oracle:rapid_planning:12.2", "cpe:/a:oracle:communications_network_integrity:7.3.6", "cpe:/a:oracle:rapid_planning:12.1", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:oracle:primavera_gateway:16.2.11", "cpe:/a:oracle:communications_asap_cartridges:7.3", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58", "cpe:/a:oracle:primavera_unifier:19.12", "cpe:/a:oracle:instantis_enterprisetrack:17.3", "cpe:/a:oracle:communications_element_manager:8.1.0", "cpe:/a:oracle:policy_automation_connector_for_siebel:10.4.6", "cpe:/a:oracle:primavera_unifier:17.12", "cpe:/a:oracle:agile_product_lifecycle_management_framework:9.3.3", "cpe:/a:oracle:application_testing_suite:13.2.0.1", "cpe:/a:oracle:hospitality_guest_access:4.2.1", "cpe:/a:oracle:communications_asap_cartridges:7.2", "cpe:/a:apache:axis:1.4", "cpe:/a:oracle:financial_services_funds_transfer_pricing:8.0.7", "cpe:/a:oracle:agile_engineering_data_management:6.2.1.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", 
"cpe:/a:oracle:communications_session_report_manager:8.2.0", "cpe:/a:oracle:communications_session_report_manager:8.0.0", "cpe:/a:oracle:real-time_decision_server:3.2.1.0", "cpe:/a:oracle:primavera_gateway:17.12.6", "cpe:/a:oracle:retail_order_broker:15.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:flexcube_core_banking:11.10.0", "cpe:/a:oracle:instantis_enterprisetrack:17.2", "cpe:/a:oracle:primavera_unifier:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0", "cpe:/a:oracle:communications_design_studio:7.3.4.3.0", "cpe:/a:oracle:knowledge:8.6.3", "cpe:/a:oracle:communications_session_route_manager:8.0.0", "cpe:/a:oracle:financial_services_analytical_applications_infrastructure:7.3.5", "cpe:/a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5", "cpe:/a:oracle:siebel_ui_framework:21.0", "cpe:/a:oracle:communications_session_route_manager:8.2.0", "cpe:/a:oracle:communications_session_route_manager:8.1.0", "cpe:/a:oracle:communications_session_report_manager:8.1.0", "cpe:/a:oracle:communications_element_manager:8.2.0", "cpe:/a:oracle:internet_directory:12.2.1.4.0", "cpe:/a:oracle:instantis_enterprisetrack:17.1", "cpe:/a:oracle:secure_global_desktop:5.5", "cpe:/a:oracle:flexcube_private_banking:12.1.0", "cpe:/a:oracle:communications_element_manager:8.0.0", "cpe:/a:oracle:communications_network_integrity:7.3.5", "cpe:/a:oracle:primavera_unifier:16.2", "cpe:/a:oracle:communications_session_route_manager:8.1.1", "cpe:/a:oracle:communications_session_report_manager:8.1.1", "cpe:/a:oracle:communications_element_manager:8.1.1", "cpe:/a:oracle:communications_design_studio:7.4.0.4.0", "cpe:/a:oracle:application_testing_suite:13.3.0.1", "cpe:/a:oracle:primavera_unifier:18.8", "cpe:/a:oracle:communications_design_studio:7.3.5.5.0", "cpe:/a:oracle:flexcube_core_banking:11.8.0", "cpe:/a:oracle:hospitality_guest_access:4.2.0", "cpe:/a:oracle:internet_directory:12.2.1.3.0", "cpe:/a:oracle:flexcube_private_banking:12.0.0", 
"cpe:/a:oracle:communications_design_studio:7.4.1.1.0", "cpe:/a:oracle:secure_global_desktop:5.4", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:flexcube_core_banking:11.9.0", "cpe:/a:oracle:tuxedo:12.1.3", "cpe:/a:oracle:retail_order_broker:16.0", "cpe:/a:oracle:big_data_discovery:1.6", "cpe:/a:oracle:flexcube_core_banking:11.7.0", "cpe:/a:oracle:communications_order_and_service_management:7.3.0.0.0", "cpe:/a:oracle:communications_order_and_service_management:7.4", "cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.8", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:webcenter_portal:12.2.1.3.0"], "id": "CVE-2018-8032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8032", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_ui_framework:21.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:knowledge:8.6.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T14:44:34", "description": "The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.", "cvss3": {}, "published": "2010-08-16T20:00:00", "type": "cve", "title": "CVE-2009-4269", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4269"], "modified": "2011-01-26T06:41:00", "cpe": ["cpe:/a:apache:derby:10.5.3.0"], "id": "CVE-2009-4269", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4269", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:derby:10.5.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T18:10:18", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. 
This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-22T15:15:00", "type": "cve", "title": "CVE-2022-40146", "cwe": ["CWE-918"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2023-10-30T16:17:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/a:apache:batik:1.14"], "id": "CVE-2022-40146", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40146", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:batik:1.14:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-02T16:04:59", "description": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. 
q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-02-26T22:15:00", "type": "cve", "title": "CVE-2020-27223", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-11-07T03:20:00", "cpe": ["cpe:/a:netapp:hci_management_node:-", "cpe:/a:netapp:snap_creator_framework:-", "cpe:/a:netapp:e-series_santricity_web_services:-", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:apache:solr:8.8.1", "cpe:/a:netapp:element_plug-in_for_vcenter_server:-", "cpe:/a:netapp:e-series_santricity_os_controller:11.70.1", "cpe:/a:eclipse:jetty:11.0.0", "cpe:/a:netapp:solidfire:-", "cpe:/a:apache:spark:3.1.1", "cpe:/a:netapp:snapcenter:-", "cpe:/a:netapp:management_services_for_element_software:-", "cpe:/a:apache:nifi:1.13.0", "cpe:/a:netapp:snapmanager:-", "cpe:/a:eclipse:jetty:9.4.6", "cpe:/a:eclipse:jetty:10.0.0", "cpe:/a:netapp:hci:-", "cpe:/a:eclipse:jetty:9.4.36"], "id": 
"CVE-2020-27223", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:nifi:1.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:9.4.36:20210114:*:*:*:*:*:*", "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:solr:8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:spark:3.1.1:-:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:10.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:eclipse:jetty:9.4.36:-:*:*:*:*:*:*", "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*"]}, {"lastseen": "2023-12-02T17:15:31", "description": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": 
"2022-05-23T11:16:00", "type": "cve", "title": "CVE-2022-29599", "cwe": ["CWE-116"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29599"], "modified": "2023-09-28T09:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "CVE-2022-29599", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29599", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-31T16:48:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for axis (openSUSE-SU-2019:1526-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852545", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852545\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2012-5784\", \"CVE-2014-3596\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-08 02:00:39 +0000 (Sat, 08 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for axis (openSUSE-SU-2019:1526-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1526-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the openSUSE-SU-2019:1526-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for axis fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2012-5784, CVE-2014-3596: Fixed missing connection 
hostname check\n against X.509 certificate name (bsc#1134598).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1526=1\");\n\n script_tag(name:\"affected\", value:\"'axis' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.4~300.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"axis-javadoc\", rpm:\"axis-javadoc~1.4~300.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"axis-manual\", rpm:\"axis-manual~1.4~300.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-16T00:00:00", "type": "openvas", "title": "RedHat Update for axis RHSA-2014:1193-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871241", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for axis RHSA-2014:1193-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871241\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-16 06:03:13 +0200 (Tue, 16 Sep 2014)\");\n script_cve_id(\"CVE-2014-3596\", \"CVE-2012-5784\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for axis RHSA-2014:1193-01\");\n script_tag(name:\"insight\", value:\"Apache Axis is an implementation of SOAP\n(Simple Object Access Protocol). It can be used to build both web service clients\nand servers.\n\nIt was discovered that Axis incorrectly extracted the host name from an\nX.509 certificate subject's Common Name (CN) field. 
A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2014-3596)\n\nFor additional information on this flaw, refer to the Knowledgebase article\nin the References section.\n\nThis issue was discovered by David Jorm and Arun Neelicattu of Red Hat\nProduct Security.\n\nAll axis users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Applications using Apache\nAxis must be restarted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"axis on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"RHSA\", value:\"2014:1193-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-September/msg00028.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.2.1~7.5.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"axis\", rpm:\"axis~1.2.1~2jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-debuginfo\", rpm:\"axis-debuginfo~1.2.1~2jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-javadoc\", rpm:\"axis-javadoc~1.2.1~2jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-manual\", rpm:\"axis-manual~1.2.1~2jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-16T00:00:00", "type": "openvas", "title": "CentOS Update for axis CESA-2014:1193 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for axis CESA-2014:1193 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882025\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-16 06:03:45 +0200 (Tue, 16 Sep 2014)\");\n script_cve_id(\"CVE-2014-3596\", \"CVE-2012-5784\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for axis CESA-2014:1193 centos6\");\n script_tag(name:\"insight\", value:\"Apache Axis is an implementation of SOAP\n(Simple Object Access Protocol). It can be used to build both web service clients\nand servers.\n\nIt was discovered that Axis incorrectly extracted the host name from an\nX.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2014-3596)\n\nFor additional information on this flaw, refer to the Knowledgebase article\nin the References section.\n\nThis issue was discovered by David Jorm and Arun Neelicattu of Red Hat\nProduct Security.\n\nAll axis users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Applications using Apache\nAxis must be restarted for this update to take effect.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to use the\nRed Hat Network to apply this update are available at the linked references.\n\n5. Bugs fixed:\n\n1129935 - CVE-2014-3596 axis: SSL hostname verification bypass, incomplete\nCVE-2012-5784 fix\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\naxis-1.2.1-2jpp.8.el5_10.src.rpm\n\ni386:\naxis-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm\n\nx86_64:\naxis-1.2.1-2jpp.8.el5_10.x86_64.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Workstation (v. 5 client):\n\nSource:\naxis-1.2.1-2jpp.8.el5_10.src.rpm\n\ni386:\naxis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.i386.rpm\n\nx86_64:\naxis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\naxis-1.2.1-2jpp.8.el5_10.src.rpm\n\ni386:\naxis-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.i386.rpm\n\nia64:\naxis-1.2.1-2jpp.8.el5_10.ia64.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.ia64.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.ia64.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.ia64.rpm\n\nppc:\naxis-1.2.1-2jpp.8.el5_10.ppc.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.ppc.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.ppc.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.ppc.rpm\n\ns390x:\naxis-1.2.1-2jpp.8.el5_10.s390x ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"axis on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1193\");\n script_xref(name:\"URL\", 
value:\"http://lists.centos.org/pipermail/centos-announce/2014-September/020561.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/11258\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.2.1~7.5.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-javadoc\", rpm:\"axis-javadoc~1.2.1~7.5.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-manual\", rpm:\"axis-manual~1.2.1~7.5.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T16:49:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for axis (openSUSE-SU-2019:1497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852532", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# 
advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852532\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2012-5784\", \"CVE-2014-3596\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-04 02:00:48 +0000 (Tue, 04 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for axis (openSUSE-SU-2019:1497-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1497-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) 
announced via the openSUSE-SU-2019:1497-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for axis fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check\n against X.509 certificate name (bsc#1134598).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1497=1\");\n\n script_tag(name:\"affected\", value:\"'axis' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.4~lp150.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"axis-manual\", rpm:\"axis-manual~1.4~lp150.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-16T00:00:00", "type": "openvas", "title": "CentOS Update for axis CESA-2014:1193 centos5", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for axis CESA-2014:1193 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882024\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-16 06:03:37 +0200 (Tue, 16 Sep 2014)\");\n script_cve_id(\"CVE-2014-3596\", \"CVE-2012-5784\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for axis CESA-2014:1193 centos5\");\n script_tag(name:\"insight\", value:\"Apache Axis is an implementation of SOAP\n(Simple Object Access Protocol). 
It can be used to build both web service clients\nand servers.\n\nIt was discovered that Axis incorrectly extracted the host name from an\nX.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2014-3596)\n\nFor additional information on this flaw, refer to the Knowledgebase article\nin the References section.\n\nThis issue was discovered by David Jorm and Arun Neelicattu of Red Hat\nProduct Security.\n\nAll axis users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Applications using Apache\nAxis must be restarted for this update to take effect.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at the linked references.\n\n5. Bugs fixed:\n\n1129935 - CVE-2014-3596 axis: SSL hostname verification bypass, incomplete\nCVE-2012-5784 fix\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\naxis-1.2.1-2jpp.8.el5_10.src.rpm\n\ni386:\naxis-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm\n\nx86_64:\naxis-1.2.1-2jpp.8.el5_10.x86_64.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Workstation (v. 5 client):\n\nSource:\naxis-1.2.1-2jpp.8.el5_10.src.rpm\n\ni386:\naxis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.i386.rpm\n\nx86_64:\naxis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\naxis-1.2.1-2jpp.8.el5_10.src.rpm\n\ni386:\naxis-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.i386.rpm\n\nia64:\naxis-1.2.1-2jpp.8.el5_10.ia64.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.ia64.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.ia64.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.ia64.rpm\n\nppc:\naxis-1.2.1-2jpp.8.el5_10.ppc.rpm\naxis-debuginfo-1.2.1-2jpp.8.el5_10.ppc.rpm\naxis-javadoc-1.2.1-2jpp.8.el5_10.ppc.rpm\naxis-manual-1.2.1-2jpp.8.el5_10.ppc.rpm\n\ns390x:\naxis-1.2.1-2jpp.8.el5_10.s390x ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"axis on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1193\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-September/020562.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/11258\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.2.1~2jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-javadoc\", rpm:\"axis-javadoc~1.2.1~2jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"axis-manual\", rpm:\"axis-manual~1.2.1~2jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T17:36:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for axis (openSUSE-SU-2018:3218-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8032"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851938", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851938\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-18 06:29:46 +0200 (Thu, 18 Oct 2018)\");\n script_cve_id(\"CVE-2018-8032\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for axis (openSUSE-SU-2018:3218-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for axis fixes the following security issue:\n\n - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default\n servlet/services (bsc#1103658).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1188=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1188=1\");\n\n script_tag(name:\"affected\", value:\"axis on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", 
value:\"2018:3218-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00038.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.4~295.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"axis-javadoc\", rpm:\"axis-javadoc~1.4~295.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"axis-manual\", rpm:\"axis-manual~1.4~295.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-13T19:06:01", "description": "Apache Derby is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Apache Derby Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4269"], "modified": "2020-03-10T00:00:00", "id": "OPENVAS:1361412562310801284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Derby Information Disclosure Vulnerability\n#\n# Authors:\n# Sooraj KS 
<kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:derby\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801284\");\n script_version(\"2020-03-10T06:59:42+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-10 06:59:42 +0000 (Tue, 10 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 16:37:50 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2009-4269\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Derby Information Disclosure Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"gb_apache_derby_consolidation.nasl\");\n script_mandatory_keys(\"apache/derby/detected\");\n\n script_tag(name:\"summary\", value:\"Apache Derby is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a weaknesses in the password hash generation algorithm used\n in Derby to store passwords in the database, performs a transformation that reduces the size of the set of\n inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote\n attackers to crack passwords by generating hash collisions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let remote attackers to crack passwords by\n generating hash collisions.\");\n\n script_tag(name:\"affected\", value:\"Apache Derby versions before 10.6.1.0.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Derby version 10.6.1.0 or later.\");\n\n script_xref(name:\"URL\", value:\"http://marcellmajor.com/derbyhash.html\");\n script_xref(name:\"URL\", value:\"https://issues.apache.org/jira/browse/DERBY-4483\");\n script_xref(name:\"URL\", value:\"http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"10.6.1.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.6.1.0\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-26T00:00:00", "type": "openvas", "title": "Fedora Update for axis FEDORA-2018-8a85ed2f10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8032"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874986", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8a85ed2f10_axis_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for axis FEDORA-2018-8a85ed2f10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874986\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-26 07:05:16 +0200 (Sun, 26 Aug 2018)\");\n script_cve_id(\"CVE-2018-8032\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for axis FEDORA-2018-8a85ed2f10\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"affected\", value:\"axis on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8a85ed2f10\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5PSL3445FAECTG4YYE7GBG6QIR75LAK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.4~35.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-02T21:09:56", "description": "The host is running Apache Derby and is prone to information\n disclosure vulnerability.", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Apache Derby Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4269"], "modified": "2017-02-10T00:00:00", "id": "OPENVAS:801284", "href": "http://plugins.openvas.org/nasl.php?oid=801284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_derby_info_disc_vuln.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Apache Derby Information Disclosure Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let remote attackers to crack passwords by\n generating hash collisions.\n Impact Level: Application\";\ntag_affected = \"Apache Derby versions before 10.6.1.0\";\ntag_insight = \"The flaw is due to a weaknesses in the password hash generation\n algorithm used in Derby to store passwords in the database, performs a\n transformation that reduces the size of the set of inputs to SHA-1,\n which produces a small search space that makes it easier for local and\n possibly remote attackers to crack passwords by generating hash collisions.\";\ntag_solution = \"Upgrade to Apache Derby version 10.6.1.0 or later,\n For updates refer to http://db.apache.org/derby/derby_downloads.html\";\ntag_summary = \"The host is running Apache Derby and is prone to information\n disclosure vulnerability.\";\n\nif(description)\n{\n script_id(801284);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 16:37:50 +0200 (Fri, 10 Sep 2010)\");\n script_cve_id(\"CVE-2009-4269\");\n script_tag(name:\"cvss_base\", 
value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Apache Derby Information Disclosure Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://marcellmajor.com/derbyhash.html\");\n script_xref(name : \"URL\" , value : \"https://issues.apache.org/jira/browse/DERBY-4483\");\n script_xref(name : \"URL\" , value : \"http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"gb_apache_derby_detect.nasl\");\n script_require_ports(\"Services/apache_derby\",1527);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\n## Get Apache Derby Port\nport = get_kb_item(\"Services/apache_derby\");\nif(!port) {\n port = 1527;\n}\n\nif(!get_port_state(port)) {\n exit(0);\n}\n\n## Check for Apache Derby versions before 10.06.0\nif(ver = get_kb_item(string(\"apache_derby/\",port,\"/version\")))\n{\n if(version_is_less(version: ver, test_version: \"10.06.0\"))\n {\n security_message(port:port);\n exit(0);\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-02-04T00:00:00", "type": "openvas", "title": "Fedora Update for axis FEDORA-2013-1194", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865314", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for axis FEDORA-2013-1194\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865314\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-04 09:53:37 +0530 (Mon, 04 Feb 2013)\");\n script_cve_id(\"CVE-2012-5784\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2013-1194\");\n script_name(\"Fedora Update for axis FEDORA-2013-1194\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'axis'\n package(s) announced via the referenced advisory.\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"axis on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"axis\", rpm:\"axis~1.4~19.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T23:01:36", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120389", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed 
in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120389\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:14 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-164)\");\n script_tag(name:\"insight\", value:\"Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. 
subject's\nCommon Name (CN) or subjectAltName field of the X.509 certificate,\nwhich allows man-in-the-middle attackers to spoof SSL servers via a\ncertificate with a subject that specifies a common name in a field\nthat is not the CN field. NOTE: this issue exists because of an\nincomplete fix for CVE-2012-5784.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16821\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16821.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16821\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1HF1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:12", "description": "This update for axis fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : axis (openSUSE-2019-1497)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:axis", "p-cpe:/a:novell:opensuse:axis-manual", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1497.NASL", "href": "https://www.tenable.com/plugins/nessus/125695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1497.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125695);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5784\", \"CVE-2014-3596\");\n\n script_name(english:\"openSUSE Security Update : axis (openSUSE-2019-1497)\");\n script_summary(english:\"Check for the openSUSE-2019-1497 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"This update for axis fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2012-5784, CVE-2014-3596: Fixed missing connection\n hostname check against X.509 certificate name\n (bsc#1134598).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134598\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected axis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"axis-1.4-lp150.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"axis-manual-1.4-lp150.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"axis / axis-manual\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:31", "description": "This update for axis fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2019-06-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : axis (openSUSE-2019-1526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:axis", "p-cpe:/a:novell:opensuse:axis-javadoc", "p-cpe:/a:novell:opensuse:axis-manual", 
"cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1526.NASL", "href": "https://www.tenable.com/plugins/nessus/125793", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1526.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125793);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5784\", \"CVE-2014-3596\");\n\n script_name(english:\"openSUSE Security Update : axis (openSUSE-2019-1526)\");\n script_summary(english:\"Check for the openSUSE-2019-1526 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for axis fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2012-5784, CVE-2014-3596: Fixed missing connection\n hostname check against X.509 certificate name\n (bsc#1134598).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134598\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected axis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis-javadoc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"axis-1.4-300.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"axis-javadoc-1.4-300.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"axis-manual-1.4-300.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"axis / axis-javadoc / axis-manual\");\n}\n", "cvss": 
{"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:52:26", "description": "A vulnerability was fixed in axis, a SOAP implementation in Java :\n\nThe getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.\n\nThanks to Markus Koschany for providing the fixed package and David Jorm and Arun Neelicattu (Red Hat Product Security) for providing the patch.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-169-1 : axis security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libaxis-java", "p-cpe:/a:debian:debian_linux:libaxis-java-doc", "p-cpe:/a:debian:debian_linux:libaxis-java-gcj", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-169.NASL", "href": "https://www.tenable.com/plugins/nessus/82153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-169-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82153);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5784\", \"CVE-2014-3596\");\n script_bugtraq_id(56408, 69295);\n\n script_name(english:\"Debian DLA-169-1 : axis security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was fixed in axis, a SOAP implementation in Java :\n\nThe getCN function in Apache Axis 1.4 and earlier does not\nproperly verify that the server hostname matches a domain\nname in the subject's Common Name (CN) or subjectAltName\nfield of the X.509 certificate, which allows\nman-in-the-middle attackers to spoof SSL servers via a\ncertificate with a subject that specifies a common name in a\nfield that is not the CN field.\n\nThanks to Markus Koschany for providing the fixed package\nand David Jorm and Arun Neelicattu (Red Hat Product\nSecurity) for providing the patch.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/03/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/axis\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaxis-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaxis-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaxis-java-gcj\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) 
audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libaxis-java\", reference:\"1.4-12+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libaxis-java-doc\", reference:\"1.4-12+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libaxis-java-gcj\", reference:\"1.4-12+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-31T18:30:37", "description": "The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. 
It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : batik (ALAS-2023-1966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:batik", "p-cpe:/a:amazon:linux:batik-demo", "p-cpe:/a:amazon:linux:batik-javadoc", "p-cpe:/a:amazon:linux:batik-rasterizer", "p-cpe:/a:amazon:linux:batik-slideshow", "p-cpe:/a:amazon:linux:batik-squiggle", "p-cpe:/a:amazon:linux:batik-svgpp", "p-cpe:/a:amazon:linux:batik-ttf2svg", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-1966.NASL", "href": "https://www.tenable.com/plugins/nessus/172170", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-1966.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172170);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/31\");\n\n script_cve_id(\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-41704\",\n \"CVE-2022-42890\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux 2 : batik (ALAS-2023-1966)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. 
(CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-11987.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38398.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38648.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-40146.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-41704.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42890.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update batik' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/07\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-rasterizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-slideshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-squiggle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-svgpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-ttf2svg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'batik-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-demo-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-javadoc-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-rasterizer-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-slideshow-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-squiggle-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-svgpp-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-ttf2svg-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"batik / batik-demo / batik-javadoc / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T11:07:02", "description": "The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 
(CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. 
(CVE-2022-44730)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-10-14T00:00:00", "type": "nessus", "title": "Debian DLA-3619-1 : batik - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-44729", "CVE-2022-44730"], "modified": "2023-10-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libbatik-java", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3619.NASL", "href": "https://www.tenable.com/plugins/nessus/183091", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3619. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(183091);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/15\");\n\n script_cve_id(\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-44729\",\n \"CVE-2022-44730\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DLA-3619-1 : batik - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndla-3619 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. 
(CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics\n Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger\n loading external resources by default, causing resource consumption or in some cases even information\n disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics\n Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data\n and send it directly as parameter to a URL. 
(CVE-2022-44730)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/batik\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-11987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-38398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-38648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-40146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-44729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-44730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/batik\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the batik packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1.10-2+deb10u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbatik-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! 
preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libbatik-java', 'reference': '1.10-2+deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbatik-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-31T17:29:48", "description": "The version of batik installed on the remote host is prior to 1.7-10.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1695 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. 
(CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : batik (ALAS-2023-1695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:batik", "p-cpe:/a:amazon:linux:batik-demo", "p-cpe:/a:amazon:linux:batik-javadoc", "p-cpe:/a:amazon:linux:batik-rasterizer", "p-cpe:/a:amazon:linux:batik-slideshow", "p-cpe:/a:amazon:linux:batik-squiggle", "p-cpe:/a:amazon:linux:batik-svgpp", "p-cpe:/a:amazon:linux:batik-ttf2svg", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1695.NASL", "href": "https://www.tenable.com/plugins/nessus/172184", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory 
ALAS-2023-1695.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172184);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/31\");\n\n script_cve_id(\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-41704\",\n \"CVE-2022-42890\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : batik (ALAS-2023-1695)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of batik installed on the remote host is prior to 1.7-10.10. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2023-1695 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. 
It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1695.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-11987.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38398.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38648.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-40146.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-41704.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42890.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update batik' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-rasterizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-slideshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-squiggle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-svgpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-ttf2svg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'batik-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-demo-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-demo-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-javadoc-1.7-10.10.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-rasterizer-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-rasterizer-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-slideshow-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-slideshow-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-squiggle-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-squiggle-1.7-10.10.amzn1', 'cpu':'x86_64', 
'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-svgpp-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-svgpp-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-ttf2svg-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-ttf2svg-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"batik / batik-demo / batik-javadoc / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T10:53:02", "description": "The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory.\n\n - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the xlink:href attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2019-17566)\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. 
This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17566", "CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libbatik-java"], "id": "UBUNTU_USN-6117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/176489", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6117-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176489);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2019-17566\",\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-41704\",\n \"CVE-2022-42890\"\n );\n script_xref(name:\"USN\", value:\"6117-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by\nmultiple vulnerabilities as referenced in the USN-6117-1 advisory.\n\n - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the\n xlink:href attributes. By using a specially-crafted argument, an attacker could exploit this\n vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2019-17566)\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. 
(CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6117-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libbatik-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/30\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbatik-java\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libbatik-java', 'pkgver': '1.8-3ubuntu1+esm1'},\n {'osver': '18.04', 'pkgname': 'libbatik-java', 'pkgver': '1.10-2~18.04.1'},\n {'osver': '20.04', 'pkgname': 'libbatik-java', 'pkgver': '1.12-1ubuntu0.1'},\n {'osver': '22.04', 'pkgname': 'libbatik-java', 'pkgver': '1.14-1ubuntu0.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbatik-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:12", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2005-1 advisory.\n\n - In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.\n (CVE-2021-28163)\n\n 
- In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. (CVE-2021-28164)\n\n - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. (CVE-2021-28165)\n\n - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. (CVE-2021-28169)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : jetty-minimal (openSUSE-SU-2021:2005-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jetty-annotations", "p-cpe:/a:novell:opensuse:jetty-client", "p-cpe:/a:novell:opensuse:jetty-continuation", "p-cpe:/a:novell:opensuse:jetty-http", "p-cpe:/a:novell:opensuse:jetty-io", "p-cpe:/a:novell:opensuse:jetty-websocket-servlet", "p-cpe:/a:novell:opensuse:jetty-xml", "p-cpe:/a:novell:opensuse:jetty-jaas", "cpe:/o:novell:opensuse:15.3", "p-cpe:/a:novell:opensuse:jetty-javax-websocket-client-impl", "p-cpe:/a:novell:opensuse:jetty-javax-websocket-server-impl", "p-cpe:/a:novell:opensuse:jetty-jmx", "p-cpe:/a:novell:opensuse:jetty-jndi", 
"p-cpe:/a:novell:opensuse:jetty-jsp", "p-cpe:/a:novell:opensuse:jetty-minimal-javadoc", "p-cpe:/a:novell:opensuse:jetty-openid", "p-cpe:/a:novell:opensuse:jetty-plus", "p-cpe:/a:novell:opensuse:jetty-proxy", "p-cpe:/a:novell:opensuse:jetty-security", "p-cpe:/a:novell:opensuse:jetty-server", "p-cpe:/a:novell:opensuse:jetty-servlet", "p-cpe:/a:novell:opensuse:jetty-util", "p-cpe:/a:novell:opensuse:jetty-util-ajax", "p-cpe:/a:novell:opensuse:jetty-webapp", "p-cpe:/a:novell:opensuse:jetty-websocket-api", "p-cpe:/a:novell:opensuse:jetty-websocket-client", "p-cpe:/a:novell:opensuse:jetty-websocket-common", "p-cpe:/a:novell:opensuse:jetty-websocket-javadoc", "p-cpe:/a:novell:opensuse:jetty-websocket-server"], "id": "OPENSUSE-2021-2005.NASL", "href": "https://www.tenable.com/plugins/nessus/151741", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2005-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\n \"CVE-2021-28163\",\n \"CVE-2021-28164\",\n \"CVE-2021-28165\",\n \"CVE-2021-28169\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : jetty-minimal (openSUSE-SU-2021:2005-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2005-1 advisory.\n\n - In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a\n webapps directory that is a symlink, the contents of the webapps 
directory is deployed as a static webapp,\n inadvertently serving the webapps themselves and anything else that might be in that directory.\n (CVE-2021-28163)\n\n - In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with\n URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For\n example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive\n information regarding the implementation of a web application. (CVE-2021-28164)\n\n - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can\n reach 100% upon receiving a large invalid TLS frame. (CVE-2021-28165)\n\n - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the\n ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For\n example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal\n sensitive information regarding the implementation of a web application. 
(CVE-2021-28169)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187117\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4KKN3NUA6VAZ6XTFLI3KB3IHAPVD46L/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7c84753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28169\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Jetty WEB-INF File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-continuation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-io\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-jaas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-javax-websocket-client-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-javax-websocket-server-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-jndi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-jsp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-minimal-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-openid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-plus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:jetty-servlet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-util-ajax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-websocket-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-websocket-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-websocket-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-websocket-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-websocket-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-websocket-servlet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jetty-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'jetty-annotations-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-client-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-continuation-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-http-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-io-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-jaas-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-javax-websocket-client-impl-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-javax-websocket-server-impl-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-jmx-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'jetty-jndi-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-jsp-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-minimal-javadoc-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-openid-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-plus-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-proxy-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-security-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-server-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-servlet-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-util-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-util-ajax-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-webapp-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-websocket-api-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-websocket-client-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-websocket-common-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-websocket-javadoc-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-websocket-server-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-websocket-servlet-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'jetty-xml-9.4.42-3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jetty-annotations / jetty-client / jetty-continuation / jetty-http / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:22:53", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2005-1 advisory.\n\n - In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.\n (CVE-2021-28163)\n\n - In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. 
(CVE-2021-28164)\n\n - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. (CVE-2021-28165)\n\n - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. (CVE-2021-28169)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-21T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : jetty-minimal (SUSE-SU-2021:2005-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jetty-http", "p-cpe:/a:novell:suse_linux:jetty-io", "p-cpe:/a:novell:suse_linux:jetty-security", "p-cpe:/a:novell:suse_linux:jetty-server", "p-cpe:/a:novell:suse_linux:jetty-servlet", "p-cpe:/a:novell:suse_linux:jetty-util", "p-cpe:/a:novell:suse_linux:jetty-util-ajax", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2005-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150895", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2005-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150895);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-28163\",\n \"CVE-2021-28164\",\n \"CVE-2021-28165\",\n \"CVE-2021-28169\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2005-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : jetty-minimal (SUSE-SU-2021:2005-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2005-1 advisory.\n\n - In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a\n webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp,\n inadvertently serving the webapps themselves and anything else that might be in that directory.\n (CVE-2021-28163)\n\n - In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with\n URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For\n example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive\n information regarding the implementation of a web application. (CVE-2021-28164)\n\n - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can\n reach 100% upon receiving a large invalid TLS frame. 
(CVE-2021-28165)\n\n - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the\n ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For\n example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal\n sensitive information regarding the implementation of a web application. (CVE-2021-28169)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28169\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-June/009033.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55582492\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28169\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Jetty WEB-INF File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-io\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-servlet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jetty-util-ajax\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'jetty-http-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-http-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-io-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-io-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-security-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-security-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-server-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-server-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-servlet-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-servlet-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-util-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-util-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-util-ajax-9.4.42-3.9', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-util-ajax-9.4.42-3.9', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'jetty-http-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-http-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-io-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-io-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-security-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-security-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-server-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-server-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-servlet-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-servlet-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n 
{'reference':'jetty-util-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-util-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-util-ajax-9.4.42-3.9', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'jetty-util-ajax-9.4.42-3.9', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jetty-http / jetty-io / jetty-security / jetty-server / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T14:32:33", "description": "According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers.\n (CVE-2019-16335, CVE-2019-14540)\n\n - A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. An unauthenticated, remote attacker can exploit this to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not a CN field. (CVE-2014-3596)\n\n - A Server Side Request Forgery (SSRF) vulnerability in Apache Axis that can be exploited by an unauthenticated, remote attacker. 
(CVE-2019-0227)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3596", "CVE-2015-9251", "CVE-2018-8032", "CVE-2019-0227", "CVE-2019-11358", "CVE-2019-12415", "CVE-2019-14540", "CVE-2019-16335"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:primavera_gateway"], "id": "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/132936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132936);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-3596\",\n \"CVE-2015-9251\",\n \"CVE-2018-8032\",\n \"CVE-2019-0227\",\n \"CVE-2019-11358\",\n \"CVE-2019-12415\",\n \"CVE-2019-14540\",\n \"CVE-2019-16335\"\n );\n script_bugtraq_id(\n 69295,\n 105658,\n 107867,\n 108023\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0140\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web\nserver is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. 
It is,\ntherefore, affected by multiple vulnerabilities, including the following:\n\n - Two Polymorphic Typing issues present in FasterXML jackson-databind related to\n com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers.\n (CVE-2019-16335, CVE-2019-14540)\n\n - A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that\n the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of\n the X.509 certificate. An unauthenticated, remote attacker can exploit this to spoof SSL servers via a\n certificate with a subject that specifies a common name in a field that is not a CN field. (CVE-2014-3596)\n\n - A Server Side Request Forgery (SSRF) vulnerability in Apache Axis that can be exploited by an\n unauthenticated, remote attacker. (CVE-2019-0227)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2020.html#AppendixPVA\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2620236.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Gateway version 15.2.18 / 16.2.11 / 17.12.6 / 18.8.8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16335\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_gateway\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_gateway.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Gateway\");\n script_require_ports(\"Services/www\", 8006);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);\n\nport = get_http_port(default:8006);\n\napp_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'min_version' : '15.0.0', 'fixed_version' : '15.2.18' },\n { 'min_version' : '16.0.0', 'fixed_version' : '16.2.11' },\n { 'min_version' : '17.0.0', 'fixed_version' : '17.12.6' },\n { 'min_version' : '18.0.0', 'fixed_version' : '18.8.8.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T11:17:12", "description": "The 12.2.1.4.0 and 14.1.1.0.0 versions of Coherence installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Eclipse Jetty)). 
Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Coherence accessible data.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-24T00:00:00", "type": "nessus", "title": "Oracle Coherence (Jul 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-26049"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:coherence"], "id": "ORACLE_COHERENCE_CPU_JUL_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/178745", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178745);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2023-26049\");\n script_xref(name:\"IAVA\", value:\"2023-A-0365-S\");\n\n script_name(english:\"Oracle Coherence (Jul 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an ACL bypass\");\n script_set_attribute(attribute:\"description\", value:\n\"The 12.2.1.4.0 and 14.1.1.0.0 versions of Coherence installed on the remote host are affected by a vulnerability as \nreferenced in the July 2023 CPU advisory. Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware \n(component: Centralized Thirdparty Jars (Eclipse Jetty)). Supported versions that are affected are 12.2.1.4.0 and \n14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to \ncompromise Oracle Coherence. 
Successful attacks of this vulnerability can result in unauthorized read access to a \nsubset of Oracle Coherence accessible data.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujul2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2958367.2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26049\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:coherence\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_coherence_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Coherence\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Coherence');\n\nvar constraints = [\n {'min_version': '12.2.1.4.0', 'fixed_version': '12.2.1.4.18'},\n {'min_version': '14.1.1.0.0', 'fixed_version': '14.1.1.0.14'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:21:01", "description": "This update for axis fixes the following security issue :\n\n - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : axis (openSUSE-2019-792)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8032"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:axis", "p-cpe:/a:novell:opensuse:axis-manual", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-792.NASL", "href": "https://www.tenable.com/plugins/nessus/123338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-792.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123338);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-8032\");\n\n script_name(english:\"openSUSE Security Update 
: axis (openSUSE-2019-792)\");\n script_summary(english:\"Check for the openSUSE-2019-792 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for axis fixes the following security issue :\n\n - CVE-2018-8032: Prevent cross-site scripting (XSS) attack\n in the default servlet/services (bsc#1103658).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103658\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected axis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"axis-1.4-lp150.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"axis-manual-1.4-lp150.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"axis / axis-manual\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:41", "description": "Fixes CVE-2018-8032, an XSS attack in axis-based services.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-24T00:00:00", "type": "nessus", "title": "Fedora 27 : axis (2018-8a85ed2f10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8032"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:axis", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-8A85ED2F10.NASL", "href": 
"https://www.tenable.com/plugins/nessus/112100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-8a85ed2f10.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112100);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-8032\");\n script_xref(name:\"FEDORA\", value:\"2018-8a85ed2f10\");\n\n script_name(english:\"Fedora 27 : axis (2018-8a85ed2f10)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2018-8032, an XSS attack in axis-based services.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-8a85ed2f10\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected axis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:axis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2018/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"axis-1.4-35.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"axis\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:36", "description": "According to the version of the velocity package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : velocity (EulerOS-SA-2021-2233)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2021-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:velocity", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2233.NASL", "href": "https://www.tenable.com/plugins/nessus/151771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151771);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/21\");\n\n script_cve_id(\n \"CVE-2020-13936\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : velocity (EulerOS-SA-2021-2233)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the velocity package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An attacker that is able to modify Velocity templates\n may execute arbitrary Java code or run arbitrary system\n commands with the same privileges as the account\n running the Servlet container. This applies to\n applications that allow untrusted users to\n upload/modify velocity templates running Apache\n Velocity Engine versions up to 2.2(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2233\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f082ca00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected velocity package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:velocity\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"velocity-1.7-10.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"velocity\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T07:58:28", "description": "The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as 
referenced in the USN-6281-1 advisory.\n\n - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. (CVE-2020-13936)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Velocity Engine vulnerability (USN-6281-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2023-08-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:esm", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:velocity"], "id": "UBUNTU_USN-6281-1.NASL", "href": "https://www.tenable.com/plugins/nessus/179653", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6281-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(179653);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/10\");\n\n script_cve_id(\"CVE-2020-13936\");\n script_xref(name:\"USN\", value:\"6281-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Velocity Engine vulnerability (USN-6281-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as\nreferenced in the USN-6281-1 advisory.\n\n - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary\n system commands with the same privileges as the account running the Servlet container. This applies to\n applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine\n versions up to 2.2. 
(CVE-2020-13936)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6281-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected velocity package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:velocity\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'velocity', 'pkgver': '1.7-4ubuntu0.1~esm1'},\n {'osver': '18.04', 'pkgname': 'velocity', 'pkgver': '1.7-5ubuntu0.18.04.1~esm1'},\n {'osver': '20.04', 'pkgname': 'velocity', 'pkgver': '1.7-5+deb9u1build0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'velocity');\n}\n", "cvss": {"score": 0.0, "vector": 
"NONE"}}, {"lastseen": "2023-05-18T15:26:34", "description": "It was discovered that there was a potential arbitrary code execution vulnerability in velocity, a Java-based template engine for writing web applications. It could be exploited by applications which allowed untrusted users to upload/modify templates.\n\nFor Debian 9 'Stretch', this problem has been fixed in version 1.7-5+deb9u1.\n\nWe recommend that you upgrade your velocity packages.\n\nFor the detailed security status of velocity please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/velocity\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-19T00:00:00", "type": "nessus", "title": "Debian DLA-2595-1 : velocity security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2021-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:velocity", "p-cpe:/a:debian:debian_linux:velocity-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2595.NASL", "href": "https://www.tenable.com/plugins/nessus/147903", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2595-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147903);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-13936\");\n\n script_name(english:\"Debian DLA-2595-1 : velocity security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was a potential arbitrary code execution\nvulnerability in velocity, a Java-based template engine for writing\nweb applications. It could be exploited by applications which allowed\nuntrusted users to upload/modify templates.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n1.7-5+deb9u1.\n\nWe recommend that you upgrade your velocity packages.\n\nFor the detailed security status of velocity please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/velocity\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/velocity\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/velocity\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected velocity, and velocity-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:velocity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:velocity-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"velocity\", reference:\"1.7-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"velocity-doc\", reference:\"1.7-5+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:09", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2821 advisory.\n\n - Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. 
(CVE-2018-8032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-18T00:00:00", "type": "nessus", "title": "Debian DLA-2821-1 : axis - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8032"], "modified": "2021-11-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libaxis-java", "p-cpe:/a:debian:debian_linux:libaxis-java-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2821.NASL", "href": "https://www.tenable.com/plugins/nessus/155604", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2821. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155604);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/18\");\n\n script_cve_id(\"CVE-2018-8032\");\n\n script_name(english:\"Debian DLA-2821-1 : axis - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2821\nadvisory.\n\n - Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the\n default servlet/services. 
(CVE-2018-8032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/axis\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-8032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/axis\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the axis packages.\n\nFor Debian 9 stretch, this problem has been fixed in version 1.4-25+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaxis-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaxis-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libaxis-java', 'reference': '1.4-25+deb9u1'},\n {'release': '9.0', 'prefix': 'libaxis-java-doc', 'reference': '1.4-25+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libaxis-java / 
libaxis-java-doc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:35:38", "description": "According to its self-reported version number, the installation of Apache Derby running on the remote server performs a transformation on passwords that removes half the bits from most of the characters before hashing. This leads to a large number of hash collisions, letting passwords be easily brute-forced. This vulnerability only affects the BUILTIN authentication method. \n\nNote that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-03-03T00:00:00", "type": "nessus", "title": "Apache Derby 'BUILTIN' Authentication Insecure Password Hashing", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4269"], "modified": "2018-07-10T00:00:00", "cpe": [], "id": "DERBY_10_6_1_0.NASL", "href": "https://www.tenable.com/plugins/nessus/52536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52536);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2009-4269\");\n script_bugtraq_id(42637);\n script_xref(name:\"Secunia\", value:\"42948\");\n\n script_name(english:\"Apache Derby 'BUILTIN' Authentication Insecure Password Hashing\");\n script_summary(english:\"Checks the version of Apache Derby.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote database server is running software known to be\nsusceptible to brute-forcing of passwords.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\n\"According to its self-reported version number, the installation of\nApache Derby running on the remote server performs a transformation on\npasswords that removes half the bits from most of the characters\nbefore hashing. 
This leads to a large number of hash collisions,\nletting passwords be easily brute-forced. This vulnerability only\naffects the BUILTIN authentication method. \n\nNote that Nessus has not tested for the issue but has instead relied\nonly on the application's self-reported version number.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.apache.org/jira/browse/DERBY-4483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://db.apache.org/derby/releases/release-10.6.1.0.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marcellmajor.com/derbyhash.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Apache Derby 10.6.1.0 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"derby_network_server_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/derby\", 1527);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 
'Paranoid'.\");\n\nport = get_service(svc:\"derby\", exit_on_fail:TRUE);\n\nversion = get_kb_item_or_exit(\"derby/\"+port+\"/version\");\nfixed_version = '10.6.1.0';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, 'Apache Derby version '+version+' is installed on port '+port+' and hence not affected.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:08:13", "description": "According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.3 or Jenkins weekly prior to 2.286. It is, therefore, affected by a vulnerability:\n\n - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. 
(CVE-2021-28165)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-23T00:00:00", "type": "nessus", "title": "Jenkins LTS < 2.277.3 / Jenkins weekly < 2.286", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28165"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cloudbees:jenkins", "cpe:/a:jenkins:jenkins"], "id": "JENKINS_2_286.NASL", "href": "https://www.tenable.com/plugins/nessus/148975", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148975);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2021-28165\");\n\n script_name(english:\"Jenkins LTS < 2.277.3 / Jenkins weekly < 2.286\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on a remote web server host is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins\nLTS prior to 2.277.3 or Jenkins weekly prior to 2.286. It is, therefore, affected by a vulnerability:\n\n - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can\n reach 100% upon receiving a large invalid TLS frame. 
(CVE-2021-28165)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jenkins.io/security/advisory/2021-04-20\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins weekly to version 2.286 or later or Jenkins LTS to version 2.277.3 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28165\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jenkins:jenkins\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n { 'max_version' : '2.285', 'fixed_version' : '2.286', 'edition' : 'Open Source' },\n { 'max_version' : '2.277.2', 'fixed_version' : '2.277.3', 'edition' : 'Open Source LTS' }\n];\n\nvcf::jenkins::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:44:28", "description": "According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.0, or 17.7.x through 17.12.x prior to 17.12.11.2, or 18.8.x prior to 18.8.15, or 19.12.x prior to 19.12.0.1. It is, therefore, affected by multiple vulnerabilities:\n\n - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 used in Primavera Unifier.\n (CVE-2019-14540)\n\n - A memory exhaustion flaw exists in Apache Tika's RecursiveParserWrapper versions 1.7 - 1.21 used in Primavera Unifier. (CVE-2019-10088)\n\n - A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. 
(CVE-2019-0227)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-30T00:00:00", "type": "nessus", "title": "Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3596", "CVE-2018-8032", "CVE-2019-0227", "CVE-2019-10088", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-12415", "CVE-2019-14540", "CVE-2019-16335"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:oracle:primavera_unifier"], "id": "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/133359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133359);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2014-3596\",\n \"CVE-2018-8032\",\n \"CVE-2019-0227\",\n \"CVE-2019-10088\",\n \"CVE-2019-10093\",\n \"CVE-2019-10094\",\n \"CVE-2019-12415\",\n \"CVE-2019-14540\",\n \"CVE-2019-16335\"\n );\n script_bugtraq_id(107867);\n script_xref(name:\"IAVA\", value:\"2020-A-0140\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera\nUnifier installation running on the remote web server is 16.1.x or\n16.2.x prior to 16.2.16.0, or 17.7.x through 17.12.x prior to\n17.12.11.2, or 18.8.x prior to 18.8.15, or 19.12.x prior to\n19.12.0.1. 
It is, therefore, affected by multiple vulnerabilities:\n\n - A Polymorphic Typing issue was discovered in FasterXML\n jackson-databind before 2.9.10 used in Primavera Unifier.\n (CVE-2019-14540)\n\n - A memory exhaustion flaw exists in Apache Tika's RecursiveParserWrapper\n versions 1.7 - 1.21 used in Primavera Unifier. (CVE-2019-10088)\n\n - A Server Side Request Forgery (SSRF) vulnerability affected the\n Apache Axis 1.4 distribution that was last released in 2006. Security\n and bug commits continue in the project's Axis 1.x Subversion\n repository, legacy users are encouraged to build from source. The\n successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is\n not vulnerable to this issue. (CVE-2019-0227)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=325111950546185&id=2620236.1&_afrWindowMode=0&_adf.ctrl-state=nxv3x2076_4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b244b132\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Unifier version 16.2.16.0 / 17.12.11.2 / 18.8.15 / 19.12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14540\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_unifier\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_unifier.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Unifier\", \"www/weblogic\");\n script_require_ports(\"Services/www\", 8002);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_install_count(app_name:'Oracle Primavera Unifier', exit_if_zero:TRUE);\n\nport = get_http_port(default:8002);\nget_kb_item_or_exit('www/weblogic/' + port + '/installed');\n\napp_info = vcf::get_app_info(app:'Oracle Primavera Unifier', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '16.1', 'fixed_version' : '16.2.16.0' },\n { 'min_version' : '17.7', 'fixed_version' : '17.12.11.2' },\n { 'min_version' : '18.8', 'fixed_version' : '18.8.15' },\n { 'min_version' : '19.12', 'fixed_version' : '19.12.0.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); \n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:55", "description": "This update for axis fixes the following security issue :\n\n - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : axis 
(openSUSE-2018-1188)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8032"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:axis", "p-cpe:/a:novell:opensuse:axis-javadoc", "p-cpe:/a:novell:opensuse:axis-manual", "cpe:/o:novell:opensuse:15.0", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1188.NASL", "href": "https://www.tenable.com/plugins/nessus/118195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1188.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118195);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-8032\");\n\n script_name(english:\"openSUSE Security Update : axis (openSUSE-2018-1188)\");\n script_summary(english:\"Check for the openSUSE-2018-1188 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for axis fixes the following security issue :\n\n - CVE-2018-8032: Prevent cross-site scripting (XSS) attack\n in the default servlet/services (bsc#1103658).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103658\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected axis packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:axis-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"axis-1.4-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"axis-manual-1.4-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"axis-1.4-295.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"axis-javadoc-1.4-295.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"axis-manual-1.4-295.3.1\") ) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"axis / axis-manual / axis-javadoc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:36:48", "description": "It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)\n\nApplications using Apache Axis must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-09-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : axis on SL5.x, SL6.x i386/x86_64 (20140915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3596"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:axis", "p-cpe:/a:fermilab:scientific_linux:axis-debuginfo", "p-cpe:/a:fermilab:scientific_linux:axis-javadoc", "p-cpe:/a:fermilab:scientific_linux:axis-manual", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140915_AXIS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/77700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77700);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3596\");\n\n script_name(english:\"Scientific Linux Security Update : axis on SL5.x, SL6.x i386/x86_64 (20140915)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote 
Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Axis incorrectly extracted the host name from\nan X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2014-3596)\n\nApplications using Apache Axis must be restarted for this update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1409&L=scientific-linux-errata&T=0&P=1366\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd54dd9f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:axis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:axis-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:axis-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:axis-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"axis-1.2.1-2jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"axis-debuginfo-1.2.1-2jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"axis-javadoc-1.2.1-2jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"axis-manual-1.2.1-2jpp.8.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"axis-1.2.1-7.5.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"axis-javadoc-1.2.1-7.5.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"axis-manual-1.2.1-7.5.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"axis / axis-debuginfo / axis-javadoc / axis-manual\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:05:38", "description": "This update for velocity fixes the following issues :\n\n - CVE-2020-13936: Fixed an arbitrary code execution when attacker is able to modify templates (bsc#1183360).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-03-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : velocity (openSUSE-2021-447)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2021-03-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:velocity", "p-cpe:/a:novell:opensuse:velocity-demo", "p-cpe:/a:novell:opensuse:velocity-javadoc", "p-cpe:/a:novell:opensuse:velocity-manual", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-447.NASL", "href": "https://www.tenable.com/plugins/nessus/147927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-447.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147927);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-13936\");\n\n script_name(english:\"openSUSE Security Update : velocity (openSUSE-2021-447)\");\n script_summary(english:\"Check for the openSUSE-2021-447 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for velocity fixes the following issues :\n\n - CVE-2020-13936: Fixed an arbitrary 
code execution when\n attacker is able to modify templates (bsc#1183360).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183360\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected velocity packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:velocity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:velocity-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:velocity-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:velocity-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"velocity-1.7-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"velocity-demo-1.7-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"velocity-javadoc-1.7-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"velocity-manual-1.7-lp152.5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"velocity / velocity-demo / velocity-javadoc / velocity-manual\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:46", "description": "According to the version of the velocity package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 
This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : velocity (EulerOS-SA-2021-1990)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2021-06-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:velocity", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1990.NASL", "href": "https://www.tenable.com/plugins/nessus/151036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151036);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/30\");\n\n script_cve_id(\n \"CVE-2020-13936\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : velocity (EulerOS-SA-2021-1990)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the velocity package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An attacker that is able to modify Velocity templates\n may execute arbitrary Java code or run arbitrary system\n commands with the same privileges as the account\n running the Servlet container. 
This applies to\n applications that allow untrusted users to\n upload/modify velocity templates running Apache\n Velocity Engine versions up to 2.2.(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1990\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e54354f0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected velocity package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:velocity\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"velocity-1.7-24.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"velocity\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:16", "description": "According to the version of the velocity package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An 
attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : velocity (EulerOS-SA-2021-1858)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:velocity", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1858.NASL", "href": "https://www.tenable.com/plugins/nessus/149193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149193);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2020-13936\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : velocity (EulerOS-SA-2021-1858)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the velocity package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An attacker that is able to modify Velocity templates\n may execute arbitrary Java code or run arbitrary system\n commands with the same privileges as the 
account\n running the Servlet container. This applies to\n applications that allow untrusted users to\n upload/modify velocity templates running Apache\n Velocity Engine versions up to 2.2.(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1858\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09103746\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected velocity package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:velocity\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"velocity-1.7-10.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"velocity\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:19:38", "description": "According to the version of the velocity package installed, the EulerOS installation on the remote host is affected by the following 
vulnerability :\n\n - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : velocity (EulerOS-SA-2021-2437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13936"], "modified": "2023-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:velocity", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2437.NASL", "href": "https://www.tenable.com/plugins/nessus/153335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153335);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/30\");\n\n script_cve_id(\"CVE-2020-13936\");\n\n script_name(english:\"EulerOS 2.0 SP2 : velocity (EulerOS-SA-2021-2437)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the velocity package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An attacker that is able to modify Velocity templates\n may execute arbitrary Java code or run arbitrary system\n commands with the same privileges as the account\n running the Servlet container. 
This applies to\n applications that allow untrusted users to\n upload/modify velocity templates running Apache\n Velocity Engine versions up to 2.2.(CVE-2020-13936)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2437\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8ef2cfa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected velocity package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:velocity\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"velocity-1.7-10.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"velocity\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T19:46:11", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5242 advisory.\n\n - In 
Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. (CVE-2022-29599)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-5242-1 : maven-shared-utils - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-29599"], "modified": "2022-09-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmaven-shared-utils-java", "p-cpe:/a:debian:debian_linux:libmaven-shared-utils-java-doc", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5242.NASL", "href": "https://www.tenable.com/plugins/nessus/165547", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5242. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165547);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/29\");\n\n script_cve_id(\"CVE-2022-29599\");\n\n script_name(english:\"Debian DSA-5242-1 : maven-shared-utils - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5242\nadvisory.\n\n - In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted\n strings without proper escaping, allowing shell injection attacks. 
(CVE-2022-29599)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012314\");\n # https://security-tracker.debian.org/tracker/source-package/maven-shared-utils\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea968669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-29599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/maven-shared-utils\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the maven-shared-utils packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 3.3.0-1+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29599\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmaven-shared-utils-java\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmaven-shared-utils-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libmaven-shared-utils-java', 'reference': '3.3.0-1+deb11u1'},\n {'release': '11.0', 'prefix': 'libmaven-shared-utils-java-doc', 'reference': '3.3.0-1+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmaven-shared-utils-java / libmaven-shared-utils-java-doc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2021-06-08T18:49:03", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n", "cvss3": {}, "published": "2015-06-29T00:00:00", "type": "f5", "title": "SOL16821 - Apache Axis vulnerability CVE-2014-3596", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2016-09-01T00:00:00", "id": "SOL16821", "href": 
"http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16821.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-20T21:07:56", "description": "\nF5 Product Development has assigned ID 479431 (BIG-IP), ID 530280 (Enterprise Manager), and ID 479431 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H530419 on the **Diagnostics **> **Identified **> **Low **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP AAM| 11.4.0 - 11.6.1| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP AFM| 11.3.0 - 11.6.1| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP Analytics| 11.0.0 - 11.6.1| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP APM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP ASM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache Axis \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 11.6.1 HF1| Low| Apache Axis \nBIG-IP Link Controller| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP PEM| 11.3.0 - 11.6.1| 12.0.0 \n11.6.1 HF1| Low| Apache Axis \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Apache Axis \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache Axis 
\nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache Axis \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Apache Axis \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| Apache Axis \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Apache Axis \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Apache Axis \nBIG-IQ ADC| 4.5.0| None| Medium| Apache Axis \nLineRate| None| 2.4.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity **value. Security Advisory articles published before this date do not list a** Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "cvss3": {}, "published": "2015-06-30T06:43:00", "type": "f5", "title": "Apache Axis vulnerability CVE-2014-3596", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2016-09-02T00:24:00", "id": "F5:K16821", "href": "https://support.f5.com/csp/article/K16821", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2023-05-27T18:17:01", "description": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. 
([CVE-2021-28165](<https://vulners.com/cve/CVE-2021-28165>))\n\nImpact\n\nAffected systems may experience resource exhaustion when receiving an invalid large TLS frame.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-15T17:23:00", "type": "f5", "title": "Eclipse Jetty vulnerability CVE-2021-28165", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28165"], "modified": "2021-10-15T17:23:00", "id": "F5:K15338344", "href": "https://support.f5.com/csp/article/K15338344", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2016-09-26T17:23:07", "description": "Vulnerability Recommended Actions\n\nIf you are using iControl Assembly 11.2 and earlier, the Apache **axis.jar** file is vulnerable to CVE-2012-5784. To eliminate this vulnerability, upgrade to iControl Assembly 11.3. To do so, download the latest version of the iControl Assembly package at <https://devcentral.f5.com/community/group/aft/1172123/asg/2>. 
\n \n**Note**: A separate DevCentral login is required to access this content.\n\nAcknowledgements\n\nF5 would like to acknowledge Brian Keefer of Proofpoint.com for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nSupplemental Information\n\n * [CVE-2012-5784](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784>)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2013-05-06T00:00:00", "type": "f5", "title": "SOL14371 - Apache Axis vulnerability CVE-2012-5784", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784"], "modified": "2016-07-25T00:00:00", "id": "SOL14371", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14371.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "github": [{"lastseen": "2023-12-01T20:29:51", "description": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. 
NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.", "cvss3": {}, "published": "2018-10-16T20:50:58", "type": "github", "title": "Moderate severity vulnerability that affects org.apache.axis:axis", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2023-02-15T22:10:11", "id": "GHSA-R53V-VM87-F72C", "href": "https://github.com/advisories/GHSA-r53v-vm87-f72c", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-11T20:25:25", "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.\n\nIf Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered.\n\nSo, a cookie header such as:\n\n`DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d`\n\ninstead of 3 separate cookies.\n\n### Impact\nThis has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. 
This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server.\n\n### Patches\n* 9.4.51.v20230217 - via PR #9352\n* 10.0.15 - via PR #9339\n* 11.0.15 - via PR #9339\n\n### Workarounds\nNo workarounds\n\n### References\n* https://www.rfc-editor.org/rfc/rfc2965\n* https://www.rfc-editor.org/rfc/rfc6265\n", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-18T22:19:57", "type": "github", "title": "Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-11-06T05:01:53", "id": "GHSA-P26G-97M4-6Q7C", "href": "https://github.com/advisories/GHSA-p26g-97m4-6q7c", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:27:02", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. 
This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-23T00:00:39", "type": "github", "title": "Apache Batik Server-Side Request Forgery ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398"], "modified": "2023-10-16T21:51:55", "id": "GHSA-C5XV-QC8P-MH2V", "href": "https://github.com/advisories/GHSA-c5xv-qc8p-mh2v", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:29:10", "description": "### Impact\nWhen Jetty handles a request containing request headers with a large number of \u201cquality\u201d (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. 
A single request can easily consume minutes of CPU time before it is even dispatched to the application.\n\nThe only features within Jetty that can trigger this behavior are:\n\n- Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc)\n- `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc)\n- `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which \u201cpreferred\u201d language is returned on this call.\n- `HttpServletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header.\n- `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app)\n\n### Versions\n`QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. 
\n\nCurrently, known vulnerable versions include:\n\n- 9.4.6.v20170531 thru to 9.4.36.v20210114\n- 10.0.0\n- 11.0.0\n\n### Workarounds\n\nQuality ordered values are used infrequently by jetty so they can be avoided by:\n\n * Do not use the default error page/handler.\n * Do not deploy the `StatisticsServlet` exposed to the network\n * Do not call `getLocale` API\n * Do not enable precompressed static content in the `DefaultServlet` \n\n### Patches\n\nAll patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php)\n- 9.4.37.v20210219 and greater\n- 10.0.1 and greater \n- 11.0.1 and greater", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-10T03:46:47", "type": "github", "title": "DOS vulnerability for Quoted Quality CSV headers", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-02-01T05:05:09", "id": "GHSA-M394-8RWW-3JR7", "href": "https://github.com/advisories/GHSA-m394-8rww-3jr7", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2023-12-01T17:27:02", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-23T00:00:40", "type": "github", "title": "Apache Batik vulnerable to Server-Side Request Forgery", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2023-10-16T21:51:50", "id": "GHSA-H4QG-P7R2-CPG3", "href": "https://github.com/advisories/GHSA-h4qg-p7r2-cpg3", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:27:02", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. 
This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-23T00:00:40", "type": "github", "title": "Apache Batik vulnerable to Server-Side Request Forgery", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38648"], "modified": "2023-10-16T21:51:52", "id": "GHSA-53JM-3HC9-FQQC", "href": "https://github.com/advisories/GHSA-53jm-3hc9-fqqc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:28:06", "description": "The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.", "cvss3": {}, "published": "2022-05-02T03:53:13", "type": "github", "title": "Use of Password Hash With Insufficient Computational Effort in Apache Derby", "bulletinFamily": "software", "cvss2": {"severity": "LOW", 
"exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4269"], "modified": "2023-09-26T16:04:43", "id": "GHSA-FH32-35W2-RXCC", "href": "https://github.com/advisories/GHSA-fh32-35w2-rxcc", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:30:01", "description": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-10-16T20:51:15", "type": "github", "title": "Moderate severity vulnerability that affects apache axis", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2023-01-27T05:02:30", "id": "GHSA-96JQ-75WH-2658", "href": 
"https://github.com/advisories/GHSA-96jq-75wh-2658", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T17:28:53", "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.\n\nThis occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check.\n\n### Impact\nThis affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3.\n\n### Workarounds\n\nIf you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-06-10T15:43:22", "type": 
"github", "title": "Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28169"], "modified": "2023-02-01T05:05:51", "id": "GHSA-GWCR-J4WH-J3CQ", "href": "https://github.com/advisories/GHSA-gwcr-j4wh-j3cq", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:28:29", "description": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 
This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T20:32:36", "type": "github", "title": "Sandbox Bypass in Apache Velocity Engine", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-02-01T05:05:10", "id": "GHSA-59J4-WJWP-MW9M", "href": "https://github.com/advisories/GHSA-59j4-wjwp-mw9m", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T17:27:35", "description": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T00:01:49", "type": "github", "title": "Command injection in Apache Maven maven-shared-utils", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29599"], "modified": "2023-06-30T19:57:53", "id": "GHSA-RHGR-952R-6P8Q", "href": "https://github.com/advisories/GHSA-rhgr-952r-6p8q", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T04:05:50", "description": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. 
NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.", "cvss3": {}, "published": "2014-08-27T00:55:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5784", "CVE-2014-3596"], "modified": "2023-02-13T00:40:00", "id": "PRION:CVE-2014-3596", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-3596", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-20T23:47:48", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. 
This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-22T15:15:00", "type": "prion", "title": "Server side request forgery (ssrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398"], "modified": "2023-10-30T02:18:00", "id": "PRION:CVE-2022-38398", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-38398", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-18T22:48:22", "description": "Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. 
This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-18T21:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-09-30T15:15:00", "id": "PRION:CVE-2023-26049", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2023-26049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-20T23:49:33", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. 
This issue affects Apache XML Graphics Batik 1.14.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-22T15:15:00", "type": "prion", "title": "Server side request forgery (ssrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2023-10-30T16:17:00", "id": "PRION:CVE-2022-40146", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-40146", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:33:17", "description": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. 
q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-26T22:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-11-07T03:20:00", "id": "PRION:CVE-2020-27223", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-27223", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T05:09:46", "description": "The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.", "cvss3": {}, "published": "2010-08-16T20:00:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", 
"exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4269"], "modified": "2011-01-26T06:41:00", "id": "PRION:CVE-2009-4269", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2009-4269", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:52:07", "description": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2018-08-02T13:29:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2022-07-25T18:15:00", "id": "PRION:CVE-2018-8032", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2018-8032", "cvss": 
{"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-22T01:13:13", "description": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-01T19:15:00", "type": "prion", "title": "Xxe", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10683"], "modified": "2023-11-07T03:14:00", "id": "PRION:CVE-2020-10683", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-10683", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-12-02T17:27:31", "description": "**Issue Overview:**\n\nApache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. 
(CVE-2020-11987)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. (CVE-2022-41704)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\n \n**Affected Packages:** \n\n\nbatik\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update batik_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 batik-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-squiggle-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-svgpp-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-ttf2svg-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-rasterizer-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-slideshow-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-javadoc-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-demo-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 batik-1.8-0.12.svn1230816.amzn2.0.1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11987](<https://access.redhat.com/security/cve/CVE-2020-11987>), [CVE-2022-38398](<https://access.redhat.com/security/cve/CVE-2022-38398>), [CVE-2022-38648](<https://access.redhat.com/security/cve/CVE-2022-38648>), [CVE-2022-40146](<https://access.redhat.com/security/cve/CVE-2022-40146>), [CVE-2022-41704](<https://access.redhat.com/security/cve/CVE-2022-41704>), [CVE-2022-42890](<https://access.redhat.com/security/cve/CVE-2022-42890>)\n\nMitre: [CVE-2020-11987](<https://vulners.com/cve/CVE-2020-11987>), [CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>), [CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>), [CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>), [CVE-2022-41704](<https://vulners.com/cve/CVE-2022-41704>), [CVE-2022-42890](<https://vulners.com/cve/CVE-2022-42890>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": 
"2023-03-02T21:49:00", "type": "amazon", "title": "Important: batik", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-03-07T00:19:00", "id": "ALAS2-2023-1966", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-1966.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-02T16:12:26", "description": "**Issue Overview:**\n\nApache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. 
This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. (CVE-2022-41704)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\n \n**Affected Packages:** \n\n\nbatik\n\n \n**Issue Correction:** \nRun _yum update batik_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 batik-squiggle-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-rasterizer-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-slideshow-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-svgpp-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-ttf2svg-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-demo-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-1.7-10.10.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 batik-javadoc-1.7-10.10.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 batik-1.7-10.10.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 batik-demo-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-squiggle-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-rasterizer-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-svgpp-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-ttf2svg-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-slideshow-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-1.7-10.10.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11987](<https://access.redhat.com/security/cve/CVE-2020-11987>), [CVE-2022-38398](<https://access.redhat.com/security/cve/CVE-2022-38398>), [CVE-2022-38648](<https://access.redhat.com/security/cve/CVE-2022-38648>), [CVE-2022-40146](<https://access.redhat.com/security/cve/CVE-2022-40146>), [CVE-2022-41704](<https://access.redhat.com/security/cve/CVE-2022-41704>), [CVE-2022-42890](<https://access.redhat.com/security/cve/CVE-2022-42890>)\n\nMitre: 
[CVE-2020-11987](<https://vulners.com/cve/CVE-2020-11987>), [CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>), [CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>), [CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>), [CVE-2022-41704](<https://vulners.com/cve/CVE-2022-41704>), [CVE-2022-42890](<https://vulners.com/cve/CVE-2022-42890>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-03-02T20:21:00", "type": "amazon", "title": "Important: batik", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-03-07T01:56:00", "id": "ALAS-2023-1695", "href": "https://alas.aws.amazon.com/ALAS-2023-1695.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-02T17:36:07", "description": "**Issue Overview:**\n\nA flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-13936)\n\n \n**Affected Packages:** \n\n\nvelocity\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update velocity_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 velocity-1.7-10.2.amzn2.noarch \n \u00a0\u00a0\u00a0 velocity-manual-1.7-10.2.amzn2.noarch \n \u00a0\u00a0\u00a0 velocity-javadoc-1.7-10.2.amzn2.noarch \n \u00a0\u00a0\u00a0 velocity-demo-1.7-10.2.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 velocity-1.7-10.2.amzn2.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-13936](<https://access.redhat.com/security/cve/CVE-2020-13936>)\n\nMitre: [CVE-2020-13936](<https://vulners.com/cve/CVE-2020-13936>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-14T20:45:00", "type": "amazon", "title": "Important: velocity", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2021-07-15T21:38:00", "id": "ALAS2-2021-1690", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1690.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-01T21:21:13", "description": "**Issue Overview:**\n\nIt was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)\n\n \n**Affected Packages:** \n\n\naxis\n\n \n**Issue Correction:** \nRun _yum update axis_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 axis-1.2.1-7.5.14.amzn1.noarch \n \u00a0\u00a0\u00a0 axis-javadoc-1.2.1-7.5.14.amzn1.noarch \n \u00a0\u00a0\u00a0 axis-manual-1.2.1-7.5.14.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 axis-1.2.1-7.5.14.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-3596](<https://access.redhat.com/security/cve/CVE-2014-3596>)\n\nMitre: [CVE-2014-3596](<https://vulners.com/cve/CVE-2014-3596>)\n", "cvss3": {}, "published": "2014-09-17T21:47:00", "type": "amazon", "title": "Important: axis", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3596"], "modified": "2014-09-19T12:09:00", "id": "ALAS-2014-412", "href": "https://alas.aws.amazon.com/ALAS-2014-412.html", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2023-12-02T18:22:54", "description": "## Releases\n\n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * batik \\- SVG Library\n\nIt was discovered that Apache Batik incorrectly handled certain inputs. An \nattacker could possibly use this to perform a cross site request forgery \nattack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)\n\nIt was discovered that Apache Batik incorrectly handled Jar URLs in some \nsituations. A remote attacker could use this issue to access files on the \nserver. (CVE-2022-40146)\n\nIt was discovered that Apache Batik allowed running untrusted Java code from \nan SVG. An attacker could use this issue to cause a denial of service, \nor possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-05-30T00:00:00", "type": "ubuntu", "title": "Apache Batik vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2020-11987", 
"CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-05-30T00:00:00", "id": "USN-6117-1", "href": "https://ubuntu.com/security/notices/USN-6117-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-01T16:23:01", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * dom4j \\- Flexible XML framework for Java\n\nIt was discovered that dom4j incorrectly handled reading XML data. A \nremote attacker could exploit this with a crafted XML file to expose \nsensitive data or possibly execute arbitrary code. (CVE-2020-10683)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "ubuntu", "title": "dom4j vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10683"], "modified": "2020-10-13T00:00:00", "id": "USN-4575-1", "href": "https://ubuntu.com/security/notices/USN-4575-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T18:16:57", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n * Ubuntu 
16.04 ESM\n\n## Packages\n\n * velocity \\- A general purpose template engine written in Java\n\nAlvaro Munoz discovered that Velocity Engine incorrectly handled certain \ninputs. If a user or an automated system were tricked into opening a specially \ncrafted input file, a remote attacker could possibly use this issue to execute \narbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-10T00:00:00", "type": "ubuntu", "title": "Velocity Engine vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-08-10T00:00:00", "id": "USN-6281-1", "href": "https://ubuntu.com/security/notices/USN-6281-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cgr": [{"lastseen": "2023-12-02T17:14:13", "description": "Vulnerabilities for packages: kafka", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-12-02T17:14:13", "type": "cgr", "title": "CVE-2023-26049 vulnerabilities", "bulletinFamily": "sofrware", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-12-02T17:14:13", "id": "CHAINGUARD:CVE-2023-26049", "href": "https://packages.cgr.dev/chainguard/security.json", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cnvd": [{"lastseen": "2022-11-04T05:20:31", "description": "Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format.A server-side request forgery vulnerability exists in Apache XML Graphics Batik due to a flaw in the A flaw in the DefaultExternalResourceSecurity function causes the vulnerability. 
An attacker could exploit this vulnerability to conduct an SSRF attack to load the url via the jar protocol.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-26T00:00:00", "type": "cnvd", "title": "Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-38398"], "modified": "2022-11-04T00:00:00", "id": "CNVD-2022-73693", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-73693", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-04T05:20:31", "description": "Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. 
An attacker could exploit the vulnerability to conduct an SSRF attack to access a file using a Jar url.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-26T00:00:00", "type": "cnvd", "title": "Apache XML Graphics Batik Server-Side Request Forgery Vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-40146"], "modified": "2022-11-04T00:00:00", "id": "CNVD-2022-73692", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-73692", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-04T05:20:10", "description": "Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw when calling the fop function. 
An attacker could exploit the vulnerability to conduct an SSRF attack to obtain external resources.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-09-26T00:00:00", "type": "cnvd", "title": "Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73690)", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-38648"], "modified": "2022-11-04T00:00:00", "id": "CNVD-2022-73690", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-73690", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-06-05T15:55:13", "description": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-08-02T21:18:45", "type": "redhatcve", "title": "CVE-2018-8032", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2023-04-06T05:20:57", "id": "RH:CVE-2018-8032", "href": "https://access.redhat.com/security/cve/cve-2018-8032", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-21T12:15:57", "description": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.\n", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-31T01:30:18", "type": "redhatcve", "title": "CVE-2023-26049", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-11-21T08:50:37", "id": "RH:CVE-2023-26049", "href": "https://access.redhat.com/security/cve/cve-2023-26049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T17:39:07", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar 
protocol. This issue affects Apache XML Graphics Batik 1.14.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-12-20T17:05:08", "type": "redhatcve", "title": "CVE-2022-38398", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398"], "modified": "2023-11-11T08:11:02", "id": "RH:CVE-2022-38398", "href": "https://access.redhat.com/security/cve/cve-2022-38398", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:38:21", "description": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. 
q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-02T15:02:57", "type": "redhatcve", "title": "CVE-2020-27223", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2023-11-11T06:29:13", "id": "RH:CVE-2020-27223", "href": "https://access.redhat.com/security/cve/cve-2020-27223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-01T17:39:06", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. 
This issue affects Apache XML Graphics Batik 1.14.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-20T17:05:11", "type": "redhatcve", "title": "CVE-2022-40146", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2023-11-11T08:11:05", "id": "RH:CVE-2022-40146", "href": "https://access.redhat.com/security/cve/cve-2022-40146", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:40:46", "description": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. 
However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-14T11:33:01", "type": "redhatcve", "title": "CVE-2020-10683", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10683"], "modified": "2023-11-09T01:31:12", "id": "RH:CVE-2020-10683", "href": "https://access.redhat.com/security/cve/cve-2020-10683", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-01T17:39:05", "description": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. 
This issue affects Apache XML Graphics Batik 1.14.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-12-20T17:05:08", "type": "redhatcve", "title": "CVE-2022-38648", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38648"], "modified": "2023-11-11T08:11:04", "id": "RH:CVE-2022-38648", "href": "https://access.redhat.com/security/cve/cve-2022-38648", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-02T17:38:16", "description": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-10T17:04:07", "type": "redhatcve", "title": "CVE-2020-13936", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13936"], "modified": "2023-12-02T07:18:24", "id": "RH:CVE-2020-13936", "href": "https://access.redhat.com/security/cve/cve-2020-13936", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "githubexploit": [{"lastseen": "2023-11-11T20:45:30", "description": "Eclipse Jetty Canonical Repository\n=============================...", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-01T09:55:19", "type": "githubexploit", "title": "Exploit for Exposure of Sensitive 
Information to an Unauthorized Actor in Eclipse Jetty", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-11-01T11:28:04", "id": "9DD5B5AD-483F-59A3-9412-0B8F455B6CA6", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "privateArea": 1}, {"lastseen": "2023-10-31T18:37:54", "description": "Eclipse Jetty Canonical Repository\n=============================...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-10-31T10:53:27", "type": "githubexploit", "title": "Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-10-31T10:55:11", "id": "118FD91B-BB0A-5906-9540-38E7A734EC71", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "privateArea": 1}, {"lastseen": "2023-12-01T19:56:34", "description": "# Apache Batik SSRF to RCE Jar Exploit\n\n## Component link\n\nhttps...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-01T03:41:36", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in Apache Batik", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2023-09-30T19:44:45", "id": "5D9EABE3-971E-5747-9FD9-1B43A555CBF3", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "privateArea": 1}, {"lastseen": "2022-07-20T08:32:45", "description": "# CVE-2020-27223\n\n## Using\n\n```\n$ mvn spring-boot:run\n```\n\n### 9...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-19T03:50:45", "type": "githubexploit", "title": "Exploit for Uncontrolled Resource Consumption in Eclipse Jetty", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27223"], "modified": "2022-07-20T07:41:03", "id": "194C161A-A17E-51A4-97CC-179E45EC7253", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "privateArea": 1}], "wolfi": [{"lastseen": "2023-12-02T13:45:10", "description": "Vulnerabilities for packages: kafka", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-12-02T13:45:10", "type": "wolfi", "title": "CVE-2023-26049 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26049"], "modified": "2023-12-02T13:45:10", "id": "WOLFI:CVE-2023-26049", "href": "https://packages.wolfi.dev/os/security.json", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "zdi": [{"lastseen": "2023-12-01T18:38:03", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the DefaultScriptSecurity class. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-04T00:00:00", "type": "zdi", "title": "Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40146"], "modified": "2022-10-04T00:00:00", "id": "ZDI-22-1327", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1327/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-01T18:38:08", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the DefaultExternalResourceSecurity class. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-04T00:00:00", "type": "zdi", "title": "Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2022-38398"], "modified": "2022-10-04T00:00:00", "id": "ZDI-22-1328", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1328/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "mageia": [{"lastseen": "2023-12-01T16:59:48", "description": "Updated axis packages fix security vulnerability: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services (CVE-2018-8032). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-11-03T11:55:18", "type": "mageia", "title": "Updated axis packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8032"], "modified": "2018-11-03T11:55:18", "id": "MGASA-2018-0431", "href": "https://advisories.mageia.org/MGASA-2018-0431.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T16:53:33", "description": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. 