Security Bulletin: IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities

2023-06-14T13:29:30

Description

## Summary IBM App Connect for Healthcare has multiple vulnerabilities. (CVE-2014-0107, CVE-2022-34169, CVE-2013-0248, CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-2186, CVE-2012-5783, CVE-2021-29425, CVE-2023-24998, IBM X-FORCE ID 220723). The fix provided resolves these issues. ## Vulnerability Details ** CVEID: **[CVE-2014-0107](<https://vulners.com/cve/CVE-2014-0107>) ** DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. CVSS Base score: 5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92023](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) for the current score. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) ** CVEID: **[CVE-2022-34169](<https://vulners.com/cve/CVE-2022-34169>) ** DESCRIPTION: **The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) ** DESCRIPTION: **Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. CVSS Base score: 3.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/82618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) for the current score. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) ** CVEID: **[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) ** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) ** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) ** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. CVSS Base score: 5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) ** CVEID: **[CVE-2013-2186](<https://vulners.com/cve/CVE-2013-2186>) ** DESCRIPTION: **Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. CVSS Base score: 6.4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/88133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) for the current score. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P) ** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) ** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) ** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) ** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) ** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** IBM X-Force ID: **220723 ** DESCRIPTION: **Apache Commons Fileupload could allow a remote attacker to obtain sensitive information, caused by a resource leak flaw in the FileUploadBase class. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. CVSS Base score: 7.5 CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220723 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220723>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM App Connect for Healthcare| v6.0.1.0 IBM App Connect for Healthcare| v5.0.0.1 ## Remediation/Fixes Product(s)| Version(s)| APAR| Remediation / Fix ---|---|---|--- IBM App Connect for Healthcare| v6.0.1.0| IT41170| Interim Fix for APAR (IT41170) is available from [v6.0.1.0 IBM Fix Centra](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=6.0.1.0&platform=All&function=aparId&apars=IT41170>)l IBM App Connect for Healthcare| v5.0.0.1| IT41170| Interim Fix for APAR (IT41170) is available from [v5.0.0.1 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=5.0.0.1&platform=All&function=aparId&apars=IT41170>) ## Workarounds and Mitigations None ##

{"id": "6BEA9F84DC62EEF2F81452A495EE058F7071A48DAFE4BA729BEFD2D5AB77F224", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities", "description": "## Summary\n\nIBM App Connect for Healthcare has multiple vulnerabilities. (CVE-2014-0107, CVE-2022-34169, CVE-2013-0248, CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-2186, CVE-2012-5783, CVE-2021-29425, CVE-2023-24998, IBM X-FORCE ID 220723). The fix provided resolves these issues.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2014-0107](<https://vulners.com/cve/CVE-2014-0107>) \n** DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92023](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2022-34169](<https://vulners.com/cve/CVE-2022-34169>) \n** DESCRIPTION: **The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n** DESCRIPTION: **Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/82618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) for the current score. \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-2186](<https://vulners.com/cve/CVE-2013-2186>) \n** DESCRIPTION: **Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/88133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **220723 \n** DESCRIPTION: **Apache Commons Fileupload could allow a remote attacker to obtain sensitive information, caused by a resource leak flaw in the FileUploadBase class. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220723 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM App Connect for Healthcare| v6.0.1.0 \nIBM App Connect for Healthcare| v5.0.0.1 \n \n## Remediation/Fixes\n\nProduct(s)| Version(s)| APAR| Remediation / Fix \n---|---|---|--- \nIBM App Connect for Healthcare| v6.0.1.0| IT41170| \n\nInterim Fix for APAR (IT41170) is available from\n\n[v6.0.1.0 IBM Fix Centra](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=6.0.1.0&platform=All&function=aparId&apars=IT41170>)l \n \nIBM App Connect for Healthcare| v5.0.0.1| IT41170| \n\nInterim Fix for APAR (IT41170) is available from\n\n[v5.0.0.1 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=5.0.0.1&platform=All&function=aparId&apars=IT41170>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2023-06-14T13:29:30", "modified": "2023-06-14T13:29:30", "epss": [{"cve": "CVE-2012-5783", "epss": 0.00238, "percentile": 0.61653, "modified": "2023-12-06"}, {"cve": "CVE-2013-0248", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2013-2186", "epss": 0.02681, "percentile": 0.89308, "modified": "2023-12-06"}, {"cve": "CVE-2014-0050", "epss": 0.15787, "percentile": 0.9539, "modified": "2023-12-06"}, {"cve": "CVE-2014-0107", "epss": 0.00544, "percentile": 0.74743, "modified": "2023-12-06"}, {"cve": "CVE-2016-1000031", "epss": 0.04227, "percentile": 0.91294, "modified": "2023-12-06"}, {"cve": "CVE-2016-3092", "epss": 0.04275, "percentile": 0.91343, "modified": "2023-12-06"}, {"cve": "CVE-2021-29425", "epss": 0.00266, "percentile": 0.63991, "modified": "2023-12-06"}, {"cve": "CVE-2022-34169", "epss": 0.00166, "percentile": 0.5313, "modified": "2023-12-06"}, {"cve": "CVE-2023-24998", "epss": 0.00769, "percentile": 0.79129, "modified": "2023-11-11"}], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/6999671", "reporter": "IBM", "references": [], "cvelist": ["CVE-2012-5783", "CVE-2013-0248", "CVE-2013-2186", "CVE-2014-0050", "CVE-2014-0107", "CVE-2016-1000031", "CVE-2016-3092", "CVE-2021-29425", "CVE-2022-34169", "CVE-2023-24998"], "immutableFields": [], "lastseen": "2023-12-07T14:02:05", "viewCount": 15, "enchantments": {"score": {"value": 8.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["COMMONSHTTP_ADVISORY.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2022:5683", "ALSA-2022:5695", "ALSA-2022:5696", "ALSA-2022:5709", "ALSA-2022:5736", "ALSA-2023:6570", "ALSA-2023:7065"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-34169", "ALPINE:CVE-2023-27900", "ALPINE:CVE-2023-27901"]}, {"type": "altlinux", "idList": ["BF075169DAD9B6200F60D7B701FBB437"]}, {"type": "amazon", "idList": ["ALAS-2013-169", "ALAS-2014-312", "ALAS-2014-325", "ALAS-2014-344", "ALAS-2014-410", "ALAS-2016-736", "ALAS-2022-1631", "ALAS-2022-1633", "ALAS-2023-1738", "ALAS-2023-1779", "ALAS-2023-1861", "ALAS2-2022-1822", "ALAS2-2022-1823", "ALAS2-2022-1824", "ALAS2-2022-1835", "ALAS2-2022-1836", "ALAS2-2023-2059"]}, {"type": "archlinux", "idList": ["ASA-201410-2"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-8977", "ATLASSIAN:CONF-32557", "ATLASSIAN:CONFSERVER-32557", "ATLASSIAN:CRUC-8382", "ATLASSIAN:CWD-4355", "ATLASSIAN:FE-7164", "ATLASSIAN:FE-7345", "ATLASSIAN:JRA-61885", "ATLASSIAN:JRASERVER-61885", "BAM-22479", "BAM-22601", "CONFSERVER-32557", "CONFSERVER-90185", "CRUC-8382", "CWD-4355", "FE-7164", "FE-7345", "JRASERVER-61885"]}, {"type": "attackerkb", "idList": ["AKB:50E4E788-F15C-4987-B8E9-F024A7BA059C", "AKB:F05BE8C2-C144-45BE-BF46-5867A2CAAF15"]}, {"type": "broadcom", "idList": ["BSNSA22463"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:10371"]}, {"type": "centos", "idList": ["CESA-2013:0270", "CESA-2014:0348", "CESA-2014:0429", "CESA-2014:0865", "CESA-2016:2599", "CESA-2022:5687", "CESA-2022:5698"]}, {"type": "cgr", "idList": ["CHAINGUARD:CVE-2023-24998"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1094", "CPAI-2016-0684", "CPAI-2016-0699", "CPAI-2018-1066", "CPAI-2019-0232"]}, {"type": "cisa", "idList": ["CISA:848AFE845B4D41B0B59F2090C2571363"]}, {"type": "cisco", "idList": ["CISCO-SA-20181107-STRUTS-COMMONS-FILEUPLOAD"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1DFE9585B9C1AAABE38F2402F4352EFD"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1659638796", "CLSA-2022:1661176564"]}, {"type": "cnvd", "idList": ["CNVD-2022-54910", "CNVD-2023-23552"]}, {"type": "cve", "idList": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-0248", "CVE-2013-2185", "CVE-2013-2186", "CVE-2014-0050", "CVE-2014-0107", "CVE-2016-1000031", "CVE-2016-3092", "CVE-2017-1000394", "CVE-2021-29425", "CVE-2022-34169", "CVE-2023-24998", "CVE-2023-27900", "CVE-2023-27901", "CVE-2023-28709"]}, {"type": "debian", "idList": ["DEBIAN:DLA-222-1:38FAF", "DEBIAN:DLA-2741-1:6E441", "DEBIAN:DLA-3155-1:7F32C", "DEBIAN:DLA-528-1:BE307", "DEBIAN:DLA-528-1:C8771", "DEBIAN:DLA-529-1:758C3", "DEBIAN:DLA-529-1:DC84D", "DEBIAN:DSA-2827-1:2E9E3", "DEBIAN:DSA-2827-1:8A245", "DEBIAN:DSA-2856-1:D2DA2", "DEBIAN:DSA-2886-1:64DF1", "DEBIAN:DSA-2897-1:13B38", "DEBIAN:DSA-3609-1:174EB", "DEBIAN:DSA-3611-1:6D627", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:2E149", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-5188-1:A22C9", "DEBIAN:DSA-5192-1:4B3DB", "DEBIAN:DSA-5256-1:A51E5", "DEBIAN:DSA-5522-1:8DAB6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-5783", "DEBIANCVE:CVE-2012-6153", "DEBIANCVE:CVE-2013-0248", "DEBIANCVE:CVE-2013-2186", "DEBIANCVE:CVE-2014-0050", "DEBIANCVE:CVE-2014-0107", "DEBIANCVE:CVE-2016-1000031", "DEBIANCVE:CVE-2016-3092", "DEBIANCVE:CVE-2021-29425", "DEBIANCVE:CVE-2022-34169", "DEBIANCVE:CVE-2023-24998", "DEBIANCVE:CVE-2023-28709"]}, {"type": "exploitdb", "idList": ["EDB-ID:31615"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:EB000848EE6583FA3B8F33FA4CDD34C0"]}, {"type": "f5", "idList": ["F5:K15189", "F5:K15364328", "F5:K15595", "F5:K25206238", "F5:K42795243", "F5:K48758740", "F5:K63443590", "F5:K82392041", "SOL15189", "SOL15364328", "SOL15595", "SOL15741", "SOL63443590", "SOL82392041"]}, {"type": "fedora", "idList": ["FEDORA:13314305D426", "FEDORA:16D3E3076E49", "FEDORA:1B0852156B", "FEDORA:21CDE306EA30", "FEDORA:25F4A2151F", "FEDORA:38DE2220D8", "FEDORA:44AA5603A529", "FEDORA:58AC321FC4", "FEDORA:5B904214E6", "FEDORA:5D10B2170F", "FEDORA:77E4F6087EA4", "FEDORA:B1BFC302A933", "FEDORA:B62DF21B6B", "FEDORA:CF0AC608B5E3", "FEDORA:EA6192175F", "FEDORA:EE17520E26"]}, {"type": "freebsd", "idList": ["549A2771-49CC-11E4-AE2C-C80AA9043978", "61B8C359-4AAB-11E6-A7BD-14DAE9D210B8", "C1265E85-7C95-11E7-93AF-005056925DB4", "CBCEEB49-3BC7-11E6-8E82-002590263BF5", "D70C9E18-F340-11E8-BE46-0019DBB15B3F", "F68BB358-BE8E-11ED-9215-00E081B7AA2D"]}, {"type": "gentoo", "idList": ["GLSA-201412-29", "GLSA-201604-02", "GLSA-201705-09", "GLSA-202107-39", "GLSA-202305-37"]}, {"type": "github", "idList": ["GHSA-2X83-R56G-CV47", "GHSA-3832-9276-X7GF", "GHSA-7C2Q-5QMR-V76Q", "GHSA-7X9J-7223-RG5M", "GHSA-9339-86WC-4QGF", "GHSA-CX6H-86XW-9X34", "GHSA-F7F6-XRWC-9C57", "GHSA-FRGR-C5F2-8QHH", "GHSA-FVM3-CFVJ-GXQQ", "GHSA-GWRP-PVRQ-JMWV", "GHSA-H76P-MC68-JV3P", "GHSA-HFRX-6QGJ-FP6C", "GHSA-QX6H-9567-5FQW", "GHSA-RC2W-R4JQ-7PFX", "GHSA-V6C7-8QX5-8GMP", "GHSA-VM69-474V-7Q2W", "GHSA-XX68-JFCG-XMMF"]}, {"type": "githubexploit", "idList": ["20B5E925-0925-5D3D-A3A8-C49AA73BF6D2", "8EB751A4-B8A2-5393-AA52-266560429527", "BFEA664A-42A3-57A8-997C-08119CE73488"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:72DAB7B2D17DB4009F02A3C0AEC8A7AE"]}, {"type": "hp", "idList": ["HPSBHF03842"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140707-01-STRUTS2"]}, {"type": "ibm", "idList": ["003EEAA01459A306AB68412FF8934C8FB098CB79B53C2EA9F30A19A01EC737CA", "00B8BFFFE9EC2CDB467AF3D17608DB7C5E49C98591131C859F8ADA15204371EB", "01CFF49A8E945385D7DAF195723AF2400A442375CCE77F93B4CF72774A757E1D", "02208B95DC0377482AA2F9D9C05755BE90534C1B3F7475FC805AC14769FE9106", "031AB80137983FA206B8FD452A65FA0ADD155D250DA679ADC4DC628C2E106C7E", "068A9C19629A4476C34DD5CB8344B1AF643594BBDE982D1CFEC4144C7168B342", "06C8D02C038247F15E4D79EC7F9664B27635450E908F240B3E0213DF1114F10D", "08325F6AA0E5D32062B70EC20B7BAC73EDD2082F6016AADE25F93CC5C5945E15", "08CA215DA4723C38799F9660F7D75091345A288B82A51DC0E9E4FD79547268EC", "0960290DF2FC619258731B7569ADA60DF596825AA7CBEE2BCC35BBF743BA7F06", "09B89CC8D25586C368092FB677B5A30D9BB75439C83AC02E0B400F381CCB8955", "0A6BBC4DFBB5FEFCEDCBE9F7C11994171A57DC8ECA368D2E6508C015BE0285CA", "0B2B4F3C69116BDAF9E28E6429DF102672CCED822798B196C1CBEEA81AD379B3", "0BC017C730A770E349E300089D6DB71D200CA299BDBFA58821787583FA3F9DB1", "0BC7DCE7D503E67F3503B549725499558715A26C46805B6062EA6DFAA64C50D1", "0C2BB43DF89AB651EB4868C14225E174A83EBF22C74E30A0801125F7BAB5FEA4", "0CD3C55D23EF6A3854413D6B77B0308F73405F8CB242F8337158678FAB58DBC5", "0D1060E5ABDA13ED7B41723370E8EECD9653B01BFAB3E94725DA29BBF5C49458", "0EA796D2A135ACAEACE32D980924643C5D803D02CD6483C9424AD2FB76F96821", "0F341A737C01B76C91936E371046C0B10C0B07790BE0C7AC799425ECE59E1C15", "0F8C9B43069C04EF8D42F75FA8D42A5837D2A01F1B45F132DD6CE116C7562B83", "1029DD6F473AD662889F3629D432E043E9F3053CFAFEA7698ACCBEF97F9ED67E", "1071929E319DA2301B42C192AD319E3B6E2E74FD95170F6C359D22224A6C2385", "10A1C628C399C86E24C9D6A9B3952A5B25FBBB7072A52C80458F472DD864A956", "121AD16C8E6DC137F59BC7099DCBB94073B1DAF243EA01F065B73DC33C59F7CD", "12277D33F023D49A4635EDECB39A0984615C187AFB27843CEEABF15CDF9E0E02", "133379EBF1506E0E356F58A2F882A938C12C601959C068582635E9DC9E997C82", "147971FE5C036CD088B119D138AB1319139982977746AC6CC71DFCD52A6A4C7A", "14849B70FB8D1FD1B1485C3A35CC1AC4707F86D18C75B440EBA32375A28C39FA", "14D5845326705FBAAD23A23263B727D1734C312F54ACC3B31B0CD4B44040B7F7", "154959AD312743D0405AEAA761D472891EC4AB0DB42D62DF98414A64862177AA", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "15CC4FF31A1DE46652EF6155538BA9F196CB4AE25DF160DA9548558A555EF6C4", "167951D4CB6682B161C7C63B81A840E45EF18CAE83E9A3ED32C423308A35D68F", "16870C7D678B41BE58729B97907A8C3CF47C8E29D68373A23DE169E331EAFA48", "169A36064E8ED84E638FA39BC1C4CACB042BCF5968767A0B9DEC86E627D02FF4", "16DB31010331CDA102555C2016C4A080DD57DFC6949CFC06DB82104E0598F7E9", "172E8A857C199BCE10B08A718612B7B83ED02952ADF1DE693EE2C676DADD4B46", "17AD7BAA4B4B92B376991EA6E2FDE807376B44743890E9D9B34CC80855CC7FB1", "1A0C394E076AB426784532B55EA4533B8651E34536E75462FAB28D5169F5C9A8", "1B4752C904C24A1FE87425ECA5E7ED1D759DA43CD3758CD8F574ADEA0D756030", "1C64C60FF7E1CBFCD884E71E282165D5AEB9D101B67656191098837D1F4D170F", "1CBF14BF6E7DC9C80BEFA3F522AB46F72EA7B112D6C374BAB753D65D931286DB", "1D7393A73F3F739D8C501E8159031F1129B0F2D5405D9D4D7415157612E5026F", "1D7A9620014C4105B221C6CDF92C1FEE1B525AEE56A16CA716E6FAE637E873E0", "1DA3D6D706ECAAEAD6DA37D47F841CF74690B2BC39CF2D0F990E5E369E062074", "1DEC7FD30C92434624557BDD1128B37921411BD17E6CDC7FBA2302EF3CDB8DDF", "1E1D5459FA30D3861530E28D1E1AC437754A27CFED729D3827A64AC283710736", "1E3E0F8712DE42413CFA3C998D244E1E55285AB7F90730AF41DF67F47116D981", "1EC9D814A44355A00FF42F8C8587C9E7C452415354E28A889935185CB4613BD7", "1F7A45CD4D73686FA6C9591207830D1B405EB9704E1C5F2BE5F439A0FE018D74", "1F88841EF607C8C56B8A1B71ABE8060E52F55D0ADDEFEC08F2E318BB0018DDEA", "204ADCCC258487D6D5F8C848C95DAB38413055F4AFD05DFCF56FD7435CBF7C69", "20A8C9A652EB6F265587C20856BEDE25B8955DD0EC8C344AE2D255F1F6329B04", "20F9F33B6ABF1F2F4E2137AAD45B70849BE435943E9405CBA6171546DB1EB0A4", "229A4B43FE77515F8665EB39BE40365AEA78A7E6905A77143AA0029AE91AE79C", "245FEAF3E7F9444B5958781DC69E3F6A353E5088DBEDBC2BC099CD2EDEC0625E", "254982B133AF87964C8EDFD23D188B5AC76FD0D3823194E367660BA1FDE55EFC", "256D69C6A8C49FA921BFF6BD50DAECC1F4BFD09962DC3AA698602171A4AF9305", "256E1F8F6709F5FC0DAE05C99FBC9974E472CE742CCCF809FDF260D2816D5AA7", "266AF5CCE2935A1632FAEA2AD2ADEC7D3B1EF6585030A41069E05308C44DE9B2", "269ED09DF8DEC59D6D5C76BBBEC1A3E9EB81FC2A6B977AF71E1341BCCE84CE32", "26A21EAB6D48BC0B0FBDEF4FB41A1271DC59BE46C75B209EB208E73B5D34D08B", "27B8E9FC98BA91ABC2C10006CF43B0739BDA7A3213E6F5DEF3851A7D59959B97", "27C77DFEA86DDDB161B3907058037A1C0741C92FE70D1735ECABE384FA1B4136", "28B021F2D8D39D4E83E6C63852CBEBEE61F7AD72D5AA4F92A6CD80ED3E4AC124", "28CBA14F2DF9254C1445C1338480DCFC0CE9E7605EA9BC20FEE2942EF21E34C9", "28E1A34D8B7AACAE238760E03EC7DC2D0E6A35DCA936AE45B1D6CE580679D06C", "291E96DE0C078D60C883AD45A64007F1377458CD24943A8A17D903204D52EF0E", "2922A3214BA6B1F2389D0599A3D1B88E8927FF0E60EE84B2531CF4E40C5EB5B2", "298EFC710D957A9290FACEB55B19B914046C39A7C201E511611F8F02DBCACB15", "2A0289568A16E75438F062DD5447BEE8F462BCBB11E9154045B8CB577F2DD29B", "2B583BAC13559207D6199DBF313322FD679D7CAC25583ADB0D482CC288326F6B", "2BA364CD4D41CC4BFDFFB60060C41147EE41D3222E8E78760211D69A8CF5E1C9", "2BBED71EE0BA911A3E002EAA0C18EB3B602904DEA97170D2D6E0034F54600AC5", "2C062B2B9737C79ABF2F5E409950756491AFDDCCF8A2E809A3B67D3F012BB6A6", "2C89CFD58F3D4EE971D17C1294FCDAF90987B18CD1793833204AB66E2BE29729", "2D12734997CB01FAC16AF70A7A7B6B7C873EFDAF53434FADBE8395F35152ACEF", "2D96D00F5924ACAC531BC2C7D636E3F9CDD965CB3F8032F8691096AB96A8107A", "2E2DAB1D3F0248164D32890A1B5FC1852F7D04953DD4AF93CE6613C69E2B77BD", "2F14223FB1EAFA3FF29C82C7B9EC536892A4B47BEDDD599811314DE0D7BC23F9", "2F200FBB59894B6C61093FCEA36C406171B66278070C89C8EB71A6FB9D948EBF", "2FB90089EB9D667B14EC1A2381FE021729CFA06B7D1F69FE29277A2EFE222029", "3029F9535BE20D2A199498B065F599F47A44CCD33B224D2192F5AE06C62BEDAF", "30E944423899C97DE4DF8B42653FBC4EECD1BB3EA4ACA172C5356ED7998E4676", "32EB8BE682985EED6CDB1D2FE6AAA4C3E1F475A6C6763236F416CF5D1908DDD8", "332EB7C24BEDDB6A08EB1D2E56168DBF8FB7B8EE1E89939D477827DEB2BC62FA", "33514D86EC3E53CD716A10BAE90D85505C35246CE910C3A4201123115A84E6E7", "34B76136C2EA2661CCC8207EF108E1C0F779F66F6576FF55C69EE28064801260", "34BF63E70EA27D9F60746A739865DFE44B65595E9889E78A737542AD9F7CAAFF", "350FE6FF19A771D5936C614E3F9D0B4547244D1825B5E19EF6E552AAA8ED02E8", "3530DF8DA972875E9B1FD6F767CF9BCE12DD28AEEAAF4F127105D1281DCB6CC5", "35686C1EB63C40DDD8A7DA88440C3AAC192F295F8E33DADF0ADC0B54C54F2FCB", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "36B9584E17AA5AF2507B4055D315F6471C0FAEB4DA5E11B3981F0D14B6267101", "37249F2CB82266F83D2BD38F77D3F4E383A6FFF8A62E52B41EAAE04D0CE04DA4", "3775C69E2AF4BA7619CDBD2A83614D7E909F52E07D1880C6357FAA3123E9420A", "379B42127397DA22B3063ACB9080CA1CDC4DD16E46385EB5871C4E7B8795DE59", "37E84D76257762D12F144C420A6FA36A16C6055B49D7AE073144BE16FFF7F0A0", "389FF3B6A2E82A9E25B25BDC36D35080ACFCADCB6E9C2CBC82F68681AF48BCA2", "3AA4238E3C8678772B4A3CB4FA9CB203BF02D0C9B1BF64D8961A9F490FA5A0C0", "3B659ECA0A3490E43A993E28F17C28259C30674E3C1D43656C4A5B37F135FF29", "3BD924AB1914D06D60F032CE4061B3FB0D5473ECAA7B3D99C2DF77F4E5E7546B", "3C1FBA4D42604EAAC7D779A8FF0E91C3C77356E4B9960B4C6BF9711C6D103BC3", "3C97F4FCDC49A94A4DB2B097951AF0FB96BAC70BFAB9E075648D73A9D641F9EF", "3D06AFAAD22542FA483AAC68D77E91B7A2B272972D4F386444B504CB4050B732", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3DAB255772B5C0465CD2A50FC27BF93D482025FE8D7247F3C147E19AC9F9AFD2", "3DD81BAD784F59BB9BF823B92CEB58BE36823EB8A478E3D24C5A8417A3D90A2F", "3DFE6203DB59955492FEFDC3D6D48EBB07936D0F880BA3893D07DEEAC6EC7CD2", "3EA91CAFF0D9F60D99FD2F1C4B84CE78492BE109F83D6BA678ADE77B96D70BFC", "3F13790AE76EB10E572A7130BA813E4E5C4DB5295F3A42B203AC0D2F87527E8B", "3F2E2F777F40F7264169D44FD3FA51D71EFC0E96B85819EAD6A2B40B175C81D4", "3F50B90AA067D7B221DE01833CF094A0A4B8DFCEFA2F20192B47FCC636918D02", "3F717878AA040EDAD8CB844C86E752D8C4D36133520C6E446279F923E229DE73", "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "40143F0DA50617F5EA31C30CAE6F6341059E3F031BCE0BC7DBD9F120A3C1F432", "4072C39942198FA288CA301A6C2F9213A715552B7A9DD1177F87322136D13270", "40AF05CBD3BBA604933F6C61D164EE39373BD16E9C951A8CF9EE0D2970B196AB", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "425388ECE1ADC07929410BEE459751DFD6F958476D182A188AADBC4797B87839", "43B14E28219E7D71D100CAA9789A85ECDDD506801D689B1DD5B96AEFD4997B3A", "43DA4697F34CF5D5A6799540E74541895D58CA735AF6018C2189B56DA5C5FD59", "43EA7D9D017D774D32A0D197F345A2CCB9AC632F5A3F17E7D34A94C65782172D", "440EFFCF162389547EC94BA431325D2B42D5E91C496765EE6F12A65170790BDA", "442F8F54FC3C1B6C71C1B31769670C098381116E6549674B856D74B582257135", "4466AD26CE307CB6A498616A187AEFD6CA52B02D288C758691B19D45DC949F08", "448B36431D70C2FF876FBEC8D7CD3B51B5042A64B4AF7EEA7903D392CD01A757", "44A18DFD7F5D9011CD12B755B95787EB24DCC1EA3069BF0148652FCED5D9C989", "4613F5FBE822E46EFBDE0BEFB9DFF932DFF57574FD8ADDAA8B5EB509A776A53B", "4777F5C1553B23793B9C264645B77DC8564BD5ADDE40E26C0417DA938016C274", "4920DDCE68DC658F97DF96748F2596E622D67274084EE618B68FE8D0C827038D", "494EAC6DED2AE35E21EE2CDDCCEF3D9DC2E0A6224046209E48AE5CA445191511", "4957F3D517D2458E1B70243B6B3575DDA2BA8D8CB919506D98F31D99807E3818", "498E97A6B4176F7D555D72E8FED105BE0B504C9D48A4A15A669EC6EF0EAA8FE7", "49901ECEEAD43A7B78DB4958F32F55FA5CC90F26DA4A3A18C04B7A04C3B6FBA6", "4ABA2F40482D1BB4F7BCCBA50D5313C680D48BC0DA01540779A532AC16B13A71", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BBE38BD4C14663137CB5AC368F3844C03C1649121351CF9395210280F00AC37", "4BDE70E43A19F50FF60A2F5CB6ED1C095A92727557F41F17F3F3059A4D00A95B", "4BF223391C936C5664E65BE0C1633537E0B423C3C637E028FA4ABFD7531FC294", "4C024257AD7E9C83441C93605D5C5B18187F8CC456447E80E7EB40E8D951306D", "4C0DBF63A15F96E4F2164C15299BAC4C8BB35F5DA0A29941D47EAB5DD8E7F12A", "4C1A338CF9E32D910ADF92272943D15FCCABD0CBD1A41467417805047FE51FF4", "4C85D2930346AD967159AF4455A7D0489E2962948B89964DEEB838E940D0D79F", "4DBA44304F47EF7ECE45895A39B792969DF13B68A2A2E0E0856148D8E2EB5060", "4E0CF71A698515A29D0ACA1BB71EC6A8B109B50F539EF3517671ABF65450A55C", "4E1D48EC96F0643D9C94D67DE163C4B8BB58939292C60BC744CB7586F23CDD4A", "4FDDAEF0B75E77A06B8D7597974820AA398F5338DCF044E51EA0222441200F4A", "5049E0390F7FB17FC4FB6FCDA949E23241366872E7987B7D22194E73DA48367A", "516C78282E257BAD924E6FC3088367963BA15FCD8305B1B9C4978CA225F03D64", "519FC45136B546F07851768C8E91945B467263AB1181050DB68A2C1829DD655A", "51D76932A5074CEFE166544E71EEFE076AC2B628BC8BB22ADB147946546F595D", "5286AF354DA84BB562B116A3416B9C765F3ED708765C101691CABFF974122A28", "52B4D9D8F0C35A8ED4BF1E8C6B7007F0F22DE6776296FCD8048C0DB7F18162CD", "5309EC5EFB560C0EDAE9A1301EB479F223E61CEBC27B18D2F0F892C7B4171037", "539FD5A344951CB3146EC1C6256AC3A91344217924BD86DB5242BF2BD9D82C91", "5450B853D5D7495F2342332666FDDBA8F85CE59B673349F3B598A062FFB99364", "54C6E83D4BDF6E6ADF5B194C223DC376C2D47C0CBD58899CB58072104014F60E", "553CECE9C100B39DB14E1B90E5DB712139DE9D59E22ED6F1740BB333DE3B6050", "55C6EB16408836E84C4255320770BC4F60934779CE325008D25B4951C20115C1", "55C908DF6E384DFF738E33489ABAD7D21E826199E00E40089C3D64248B3A4B8D", "55DACA18AFE52B9657ED6763ECD6310E15A2B6AF470F5EA9C7BA6E971FD15B5B", "587A321966FF09AC7C78097FDCE004811F71AD2FE0599A2E3FEAE29C23E1F6D8", "5902A41E6B193100253C43987CCC82D3DCB47681EEACDC1CD8E3887329ED5E19", "59318B0CF4C1FAE586869CBD784AA3B2D670508ECC73EDF830A5E166B55DCF65", "59964EC5EB14A580799E1D581615AEB00776970886FAB1F0C2A55EA38320BC08", "59A1B0636D98E70A116246AA2BFCD42C6FA74A7F4BB8F121FC9D3E9780C420BE", "5A56DB45A2E9B8AD616DC1AFDDE7C63B0E668F8020845C4523DB45104DA0DEEB", "5C4C546238F2F066CCF4512373ED100B1789D0E3262D3D3FFC08EB28290965D0", "5D0EF01A9559B5552716917BA193D1298820848516CB3AAE2B74F8B32EA9B337", "5D4F062A535B083DCAFE40C555463FDC20B044731A77B663E5157BF58509D9D9", "5DAC43403A6D99FD575B46543303C4AE9DDB38B3F55FBF172BDEA1936A1DF2A2", "5E963A16D56492D265E3AD4BB10050F73E3DA9DE70902074CA74AFF7B978ADBF", "5FF2FB9820AC50D7E06EDBD91F0C4BDEA0193A87B7F933264FD1C8778B603274", "6090C932221E51ADB229897A416B6CCCF4B92380897751F9E9E7D222C5B6F5AC", "6097D8015AFBEEA139CD04B0695213519AE407C70058F9CA2120CAD2E9367C6A", "6109AF1F8D1815678E61E353B816288D20DB8DD1D5C49536DF782435D85C01D2", "61E88F158714BEAA0F08C8D926E83EF4256AEF70B5BACB477F9599CC59FBB8FB", "61E997F047F5D718D130F0304D30D3107153F1FBC61B69ABA3AB266E23714E8D", "62439DA1685C8834EE8D742776B2A816E2F759488A37A2E67FAF819FB474771F", "629818E44ECBBC14327D01DD31BD162798FE2E718C78D969624EEE5130B4EFF8", "64F98CAA227EB88D18D7029E2ECDFEFDB7B99976A83E5C903E2A61F4BC0F8FEF", "656937FA945DE5E58B9B5C0431A830AA521D479596EA01ACED0A20A166C4E3B3", "65C6CEE2220BD8F2BF06A7DA52FAE31B05C72037D4DF4346A594A14F3DBA2AF1", "65F813DC5834BD7231C1E9BF8B4FA806B1F0B3DE4A4DE502EFD79E3DF631B9B4", "661E58A060EF9C8F748FA7ED6419C170D5C3494BB737AE7F8E89C2FAA010E787", "672ED98E9AB8BD15ACA2079635029450D742DBDD7246A12534BFFA7D54E83F8A", "681418AA2780D10FE3FE75923CF33BFCB1F9F3C8FD6FEF47FC5127CBC92BB2A5", "6834E3905AADC819DB5BF4042B617F874AC24BCB0AC2F484A2275161173B7A89", "68559405DB7C227F9F2C7A849A4C8E5A5808D3DAC3E754DF477FC2888257BB4F", "686AD7036FA377627F6CA627114C927BB78511D77E8CFBBBE65CCD394A5B7311", "691963F9E95CDFC72CEE9E9A0BB80C2D55A65843C8AD560337F091E6CC16A879", "697411C1D0B6EAAD03E8D2A5EB53C7D54B1A12C31BE0CB63F6EA92666FE7AECA", "6BD6355030BE86F4E188BDB745E0B585AE117958CAAE5235F8A7ACA01F38955D", "6BD8A28B17576E05E0B974C262EB42ADF09E98ACEB21D1D8CF08B3D64F137C36", "6BFA62BC112FABFA05C6C5C47562FC2C7D3EECB9F385BFCD8A861FE181F02933", "6C7EF094F5ADC8D9F28ABF3F2EB18A600C9A1FFD5B394603509AB166F1A6FEE3", "6CEF08A1A5A2589C6B108019F507F85264A6994B29790BC8B95F25B7959C7A69", "6EFA9355C55B0231C367714345B3388DCFE3B114F0B15441E8113A31816DBE6C", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "70427712BA5BC5CC0FCAD9F41BE90E49714240938954BF076BBFB058FA595319", "7070BA75AD9272268135D5A4C79AF1BE8BF2BD1AD2A057457ACAA7D349BC9AAB", "70C73AD4566FDFC858E6E0D83ECBDBBA43987B0C7357F0DD02F6739B83B765E1", "70F7C16B884F3CA0489B9235F3CDA3FE2C0B53C46BD3767440928787F2FADAF1", "71E07A99DA9D5621A0AED22FD10266CEEEF11666E6DF11D0571D98EB5F505F66", "72AE35F20B717B7C40297FB7BC900AF2B2CDD1479B276B9683BF314AA76D4AED", "72F388362AF41C5685D24932E9104E4D10F2F34B4CB1D6A825C5735F1D4D2178", "73F295E4CA98A62DC32C3F4805623BBE6C4CCCD3F58645888D4CF9A556BEE309", "747FEECC07DAC55AFB648FD70182F8973D8D7E1568BF68438A356BA5AD3C9D80", "753750D99E84195C92FDB4519B938F223622C78B3BC3235E7F42F101031B017D", "75D402B2CEA61D69C553141E08DFD9743DA1DE8E0FE50384A99E9AD4F4E5B618", "7623EF01FDC9829334B2D3D28DD6B6F03B2A42D3B32CC0CE319C386E91549037", "76322F4FDE913CCFF696E95021198B9D1B68711EA0FBA9EE3CF9E433336206FD", "7683273D853201795DC98B316DD2C8B7DB84C63DD2868C0F87D00A09760EDC9B", "77352C82A30EA733694B5D88C0D7D12ED4F6B39811776EF99E8E73A7C6CD693F", "77B7CAE381C4424212AEAEB397E769B7E23CC650A3E848D4325ED33D9F9E416D", "78CFFC4D2D270C24EEDC9DA3C157BE051A6915432AF4FACB8946F44274B08376", "794873BC9AD688E503AC3D1ABF86B882A27BB23EE5F35879F934BDE72517A5D3", "7948B558E9BBB9D7B19D137E1C7944C490BD5D26DB24595F235B080A97AD570E", "795D3F68D07925B1C9C765AAF8DA73C30C8A6490AD9D7941029C418A30C9FF2C", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "7B21203D1B30C0BE7E1A612B6C3D5210527D7B8C07164E6454949E5F0B9AEA2E", "7B6A0EC4B0BDE7D3CCC734AA346757CF04E0ACCB853B4076CEA5505A64B850B6", "7C54A18FB1B4F98C0397F2B6C57BE1430063660AD37A56B1EB83290B72878DA0", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E2F62106B895325A750D4AC20BF018E0EF2AE3D85B9685ADBC3048C8D7487CA", "7EFB522319684542D37BC81717D35991CE91F1752F5381EA6BFA2B84165FC89C", "7F49152296CEC8D5B01F759C14D244EE9DFFFC65E1D2E857203E7F16426E96DF", "8155B091E8A9E365D7BF4DC2FC7DA1113C991153BF54EDFFC2BCC3322D0D6281", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "824C3C357453D5DE63BBC950FFA9337EE570A12D2AE127952B78AAC9FDDDB9AD", "8275C3B123771E721297381D0F66E5CCB99C5D5EA14F12413C6DF109D950665B", "829888007050D9C11A7557C40DBAAED034B1097EC4A906EEC0D336ABDA0D0B50", "82D72845B48E29F382E3CB32198A7458539BFAEC832BAC6D7B23609003A86C76", "83ACE9827AAA221AAEBB8FF39A79EDF0106D1E765567F4841188EA8392A197BB", "83DE818C5932FD800E5449ABA82FA7FDCAC7A0E2B41C5C07CC9E5CC56A3B9296", "8491CF1F3DD8116411BD720BFCBC2272BEB04446394152CADFC6BA73F4D21149", "84BCC81810DD6F3095D324DBBB3D00E2A34BEF28F90C89825218AABB1541D0E9", "84EE0B6B65D7981E610CE1341D669611BC09147C2C970E1916EE8AF8E9888A55", "85068BA05AFB9468D768F124D70E29FEAA718CF85C40196DF1FFB790C80EABFF", "85231BB9C1B55AF3E0C9262DD9D72D21FDD4C56501984963903928BFBF874F69", "858896131EA815FB74E9BDD335996EEADB31086755EBD223F4051866A0275C41", "865EA54168B3468F144D766A05C1D0F46688B9432D0F44CF7D073C51AD254CAA", "868FA6DB6C0D6319E1B3081CCB6B4C3817A1853F87C138E75E8C43A455725423", "8780BC9CE2BB0677F47E2C4863425F9482973B47E148C25125FC42E69011487A", "8829256534FE2BF62485401A29CB451B9732F951FD2CF6C6C1036578D5075C94", "88F727F191CFFC37044A03CB83B1BC4AD832285EA66FE76EABF1CD38612CA6F6", "89FF7F8B61A12520AB7FF1082E27728246A177146F8972BFBF234E90EEBBC455", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8C18F8030274549454D17409D64C54EA8977ABB97F47F0C1BDD38AD8DF66DD50", "8D7ED64456FC169D02750D2AA4A80B16FFC334A2DA71875B22768979B26CAC67", "8D964A6D85AB92A093A54D98B52835DA52D646F29F4FB8F77B0F37827E6FEFB1", "8F7E9BC38CC1D5886DD8998C93E683C9367649830B463A9A5032011B60846A4C", "906C9EAE754E54F590FDCE4A48EB7695E618EAFE6B6543B720652975DFB3041B", "90F2E87CAB28D12C60942E0019A52F68E90731BBDF37587BAB21828E95F4FECB", "916289CD5D9C8E5E33D7DE91CC4F8F7F5D561CF5D9EE0270AA10F98B4F8E11B1", "91A09BEF644BBEBF5DD286339A6FD55D9C9F00D45A2B3B6CD9E6CAEAA453EC30", "91C68A3A81E7952C30AA3A075F77EB8ED22DFC3EBC76ED25A3AE5D91D1D3A332", "930FC3DBD61B7E8555AF191AB7E1E95834FBDFDFC85B66000C95954661FFE18D", "9397A1D33BE7AA9C3ADA2800E18BE5E3A6F643F513402668A22C5E40DDCB8EA7", "93AF3A0CB685837B7C985687A86604D2436D2B5919B3C105E801C3ADABAF8404", "954CCA9ED873889627BBC9C424B1A6715E45B7C2711A730DBF475AA20AB5853D", "95CD62FEDAEA72A3108F90B80812DA1D38B9D58498C1F872BB283E27B2E4A609", "96AA6E96C459B552487D37879C1210BD7926BC641E7FD69543382941733FFB5F", "96B400A629016635BE698B4182ED121C51D888226F4491EF114BF41A423A0700", "96B854658FB25B1C41C7953D07DFA40702863F7DF3DA2149F3BC57ED6B4B5CAA", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "987312D6FC46CA3F269FCE6582D23DFEE688D79E6FE8D1293ED88A90F27657C7", "9885EF692D10F55B10165D028D563DA2E874C62358D512573E854BC6EF0EF9FE", "99F64D98F690693F39DF61C96D664A3E7AF1C0DB6275BB60AE89164876A62084", "9ADB48BEC0301F1E407A88196EDCE476BA67E3D354435DE808A162E1C1B16576", "9AEA0427FF2CD82F2B2209106517091DB3152CD2629B4BE8F83D8DC005BD43D1", "9B3B55B32968C55E20626DD8C4FD2B5C8B0E847DE167EFDC40A0B80D7134DDEA", "9BE1D889C1BD77682655EB00AA0EE21AA5C7CCAA1F93287BB788D1CFC12BBD77", "9C505D0DF28C92A468039A4944FA0FF025BD8FC548ACCD280157DA0CF3172339", "9C777C2836925BC3A3BCE8F8AF085A8DE343320BF6D36A5200D366181C59F003", "9C9974897D9032CCE40784D8D39546999D4563EDB691A9F8F85E7C125665ACFD", "9CB432086CEF99F1EA04A945397255BEE41DA5E77DC97EED949A03DD36D26386", "9CB47F3681AE5B7D12F10CA966CE8A67CBF5389D5BD8BF6FA783C961962CD31B", "9CEBA1B39CCB6811A505F9227D3A8589890E3374E0755D8A3C0854B9E7E74B4F", "9D2251C7FDA10740A38561E7092B8928C513374892065979F552A4112F8DB973", "9D9A01E02514803E9E0E5DD88830752E1595E1F1CC50F35B26CA6DC44AE2E184", "9D9F8496AA1AAAE7CF135E4A6F86B7D8F86173A0E558AD93AA10046F0ACAAE6D", "9DBEC753D4731F3169755A2E0DB634ADE1D525F4BB9B04BCA0E5932356CCCB75", "9E1F07A2C37F098FEFCB2CC183428F10F1BADFA05066A3F451120968CFD612B6", "9ED7227EE3C0F95FDA1547BF5800C9A93D4C1EECBE1B63DEE9DC43EC3E7287BA", "9ED959A552F1F1135D021720BFEF601A33E4FF298A735DCF0648EF0558E731A9", "9EF78FBAC5BAE9DF888A6FFF6C05A24978485D2BA38CD7F4AE27D23EAF71C96C", "9F1FB581B6AFF8334C1EAD6DEE1E31366C8D29EEFE26A24D1CCA363D74970A09", "9F22B509E7AB31AB1FD89A9DEAFB2BBC6F64C4CF63CC813D99B46621023BE591", "9F6890C2EB8C68FDD326DBF414D8007D2084DD3B5C2A62C2CF4370E2A3E67545", "A0ECE071B650D8F5EC02E601175D0E3683680641E4438CAB1D935DEB21EBDD49", "A13F938AA79D57021B953A77BB7F77514FF334329E0A290840B51BFF3BF61B87", "A20DD20D95C60578C655644D1A8A4C9E587B5A7916261AE7A525E0C7B766C3AC", "A380C4CD3FFEF0D1AD28C9019320AF0085267A1FC55FD33D40E61A6A71DFDFF1", "A3F6D65D3EA97E094C257339EC4715196C6675E29E7CB80EC727C62BC21B1B01", "A4EB252B4F9B1D9E6B670EA990F738AB583192588E1566F20330B6E3CFCB3AA1", "A5ACA9D08DD29AB239109AF58FB6B994D318DCD5424F5180E2376E622C4AE6D3", "A5CEBAD1E81B18416B50A8382AF2F4A60FF740FEC4D030FAB70ACE0186CFE7BD", "A72E5564BDFAD9E449BF73E363352CDC6113E85F5F2C1391EEAD6F21F5ACB1C1", "A857491C12F9690D2E334D725B20D01FDC9D61A02AE30B77254F5FA19329D7D1", "A8A1B567F944BADF2C3904883B086755440DF569158EEB6B0C8C2202276A6F6E", "A8A6B57EE1BC9F1473354B832D22D004059F832458042AA25CC089DAF316B910", "A8C4FAE86EAE65D0C1F3A30200BC3B099B396436A3DF948A48B8B78AEF01300E", "A95F0D6B3CF9A29C76ACC731709CAFC7669E8751464745D7E07486663A6EE993", "A9B608450EE2B2505174F8F497D891A822A15EB84A1C302BA28DE13FA45B34D4", "AA02BE79DCD02EDB1B362BC22E1303156066D6065A6A81B509F48BDDA3058239", "AAE68AA2EFC385FF3EBD4382FB866664D480CC7F1DD4B169227644E77ADC4B20", "AAFF9E87667B35D62A52D77B8E5C3A000AE2419974F7C14545C23704BDDC171B", "AC328B0BD7747247509DF824A76882A7ABF67BDC8C756027B0F8E60F14B5C2DD", "ACE26206FFB4E9BFC947C91835F27A6EA2B5E8DF0FF6B0C69F358731D4D9C900", "AEC0722767EA21CDE0F10129C001F976425E48E7F302D7C24108AFF251D12D6D", "AF3CBD718F3297D87FDA4616011F4CD425D9EBE3BB2880108811A5CAEF018EB6", "AF473DC6512526BD619CDC84446A9E97F3592BF1896ADFEFAAC3F278ACF471C7", "AF4FC0664321B298D91A7E7F3E0486C08B4A2F82D37A43AF0CDA98E43859BFCE", "AFAEB1F349C1EC474824FB1A977206D37ED292F910295BFDE1F9F28823F7E291", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B09323FD9F65F6065C7B68F00028DEBB77D6AFCCF024832FCF79623893150BE7", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B1BA4BC7E745A499101FD9143D2E31C7E6E0F57F30264DD60DCC485E0AD2AA07", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B30027B67E0900B9C9192B0EB28EA6D42DDFB696208646582631F912C14CE66F", "B314C20BF91C600149F279A906C6EBEE84E73ADFE2036985C9D6023680EB2CA8", "B38629E4EB10662332A23BB2924D34F359336E1D3E9E3EE24B04911C9A5A74B7", "B39CD4812B3555E9485AE2BF1A8127CD793140DA5720C377ED3302C8F2224531", "B4ACC50FB3EFBFCDCC381ED7E344E2F40C781747A414909444C31FECCA264613", "B569A853D72B998931834B4E507ABAC9BFD3A8D8EC956A6081EB37817B823603", "B5D3E3A7BE0F111D2F417A20765E84519E8C54376FB060E30AEE03429463CA79", "B62A0DF1BA325616E310706F59A3DD07DD7DC7356D343963E6F99C6D89411ED3", "B657C82FF782BA1258367C6D684FC8D8FB770735CAEAFECE9AC1D670085E21DD", "B6D98686FB4CE3794F12AA810C56116765161F3CB64E9212B301423AF70BBA48", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "B8DC16D7984D0BBBA4C1AF32274D163BB6450605EB784C1C3FB1AA833F622DDD", "B99FB79D872511BA4AC9EFFAE77B4B64B5F836318D8264BACDC3891795B6FB88", "BA641051633E4D947A94268037F8B8865B6EE865868B44CAAC2ACF192C454E89", "BA84392D3F11FD2DE3FE0A8FC9E00B1D08953778839774F716912228DD61BCC2", "BABF5F87446773F486C4241A55805D7AF675A10E3D8F7FB739A641C0B3FD8389", "BAC0ECD094048AB5764245E3813A4B3FD7B15C38CF78917E44082B74A378C2E8", "BAFE1432B61D78F2B29438C3606D2D46643F4DA3DFC6DD0FB0C4962ECD44C150", "BC4CE6FA6231522277B8CDD6EBE913273E804C9EC6F8EA56F64C54D931A5F0A3", "BD6AE1C01578D2358D9720998260BF5FCA8B53021F548065995F3783AB704E64", "BDADF9A01D9660DA0A520C62C15482DDAD45F4B68F6316BC4F17A7356B308B0E", "BDBF622ED54E04DDE128CEA2D630EFCE5F44E8A8A81BCBF1E3ABE13DF52C631F", "BE40ACF27D8AE17579CFB2450280D344E32F14B5AFCC639EDB71C9D294778D10", "BE49C929AC26CA534C88885015C71D1387E44CAF7486CA36876CB2168B74AD1A", "BE6E8380C13D1103EE23BA2477B40F90E44B32F9B46BF16533F8DB60DB918AA5", "C054DE525045D4972972C9A7C5876A4C8720E0C0C8D341264A0FEEB56B8EB5DD", "C09F3B9F4DBF9D0B77B16FD94B3CE34CB06275924A75E85EBBA3F1FD3FFBD2BC", "C1F769D030FC2C40F30870B89602B6E37C63D9738974975088F5749826F8EED3", "C222A8A891F504F40C914F8F66ABB73F5EF9BD26F781A02F39DE0DB06449374A", "C23DCC9148257FA64991DBAA915D0F26FF1220405B33493B5C4DA79CC6DA13A5", "C2EB2F0822ED669C33500FC32C03E75432DFA2D283EA367383B6D1782C043C6D", "C3B567818F0068A4E76BF412FA5CD0354D004804480FA49A2095407B12E1C65E", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C4495578DFC2AF6BF1D2F3D8F5217307759E493A1C62E3F8F440FB6B59A05B65", "C5C7D84C444F9CFB8E5CCE24264C09F1C183065FCCD248E0A1BBAD57CCD8C3D6", "C5DFD6DDF0D044C736F3F1427CBB14FC5CF33A1F5084FA65609536B85A5FB9AF", "C730CFD834444EF19FA3EA0A15133CDD98DC3E5D5A9586B5ECDB0997867EF4CA", "C99B3CF5E0C30EDD67EC0E6E4726E2E6DFC139B986DAA387637216BB3413077B", "C9B215C2E990733679984F0C6E86DB20EA1ED143683D79CFE88293360577ED49", "C9E756FDC2D170A759D074368FA581B4BDE59726C48E93D77387BFF9A0BD269B", "CA2093DC8F100BDA77872F77499D1D296929E8C57F9F8690BCE643677114026B", "CA3FBFB8EA3EF658E824E595E953CB7D32C79004F37EDF6F4561B92F38A2FF7F", "CA49B7C63554D1CAFF30E7D6E04025376352C07DA4ECB985E5EC9931DC2968BF", "CAF8FA62D33B27B2B339B73B397B61030565E15C0A1D48E870DC42E60E535371", "CC243740CD3B53A01DF4E651121A1CF73F8EEFC3E281BC9547CFF72915213611", "CCE8671153F728CAB0724783796D490FA3C198DC9AAF1E254ACD2D021433E8D7", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CE2C32923110950C9D013D80A09482A5900EB5D3115492E814259A25A326B42D", "CE86C65D4B6A07761DAA0D487B3106D7B6E23CE3D234B3E9AE2495B793A4D367", "D073E08AD140CB6620590BE3498F8D2736D636AB608813B1FECA6FBC21280451", "D0934964E9B56702CBED525517F4EA576FF2F33A8BA6C800C34ECA9B7FE90236", "D1C70BE32DEEA561F5BD20121B6CE6B04522C3B0A34D7DF273B2AA52F0E58277", "D21E913C6ADECF8EF09DE3D9AEE7C0E5E9B0753FDE5C8D754FBFEF41B5821AD7", "D27D3969EE4BA0A1A5AA1BA800846A07534DF3DA291CD53AF39E4E1841E9F2CA", "D2C2FAA59189FC355096429F31F4AD0BE546851207D1F9D74226059031643143", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D33BBD3C5F74DBFB7700F90DA29C0A0F17319D5EFCD29BE614C5EEA53697BBA1", "D4211B02FBAB148D2434B40D5A6AB3817B90113685B8EB84B8D8021D3D23E01C", "D4DE6712F2F35B838F205CAC3A425B0E205068FC84A9F77F423B4AFAEF5F5EA9", "D4E5C893A250FEAE3B156BCBD1DEEF2119A50FFC25619BC8C5AF90EB197582DB", "D56E9A029B0B30DC42969EF0929756E06A14281AF3866CA78312998295D24570", "D5934C683F70DCBE4AED04C1CC98975A5321914D3F2282A47A2535F0FC4F1834", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D5EE3EC14E7ED1E552E08E1001CECA43D603E6701AEAE8DAC86B2CBB34B5F3BF", "D66B903250F05C7E6F628063E46BB788B758ACF5470BDBDCE9A7DDCF98ED3362", "D69CAB0B695FDB3F4A13D03095C9000050A31CA1EEA0F9ED3CBD01DC6FA43F1A", "D746FCC42AA4EACDC97DAC1D5692FFB0BC18A7F167436F4A8BC474A41F66704A", "D81266EEF9A30224B03C1D4084FE2FB22F1A32AE3AEF1D43DC3CA53C8F5BCAA6", "D950619DB7DBEDCBA810D44C7EEF000A21A949756B5275745417886701A28B2C", "D976CAEED746DBFCD5B5D50BF9560BA40C34FB64BC3852FCE1CDE24C3076CD2E", "DB68C8666C18AFC83A85EECDD8ABEF0A5F62BEEA4C9766E31EBEA828ED452BB7", "DBEEBEA67BF53D06F2B67D1EC250BC6DC481E7E1D95538F33DA149848FB8D480", "DBF3688DBA798444F3C298FA2AC7CFA893F49EE4F4F4469F192EA874C9A777D6", "DBFDA759395DD0AC7E179D05997E87AB15AB4D48C40F4A4663CE4C860E9BCA2B", "DC1C3699407A2D154DBC81C729D0CA67686A88DD7C1EE8FEE0497F1A0D8EE6B0", "DD5BF5116E5741EB672335643731F4B54ACDBD92F34C019A128C14DD0EF87E44", "DDC1BEEB81F391267DB47A5E11F4E7D90ADD28F367B1C4E5B00E1FDF2B500D43", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DFB4A89370117A0C76AEBA610891449C199F7498B60521F9612F1A48A7736A6B", "E05CC151FBA87195514CB65A3CB00BD8B2697F1C08602EC6A35EBF3E97CE31AB", "E0C2B6F0E314050BB447403D579B53424CC1049AF389D655702784204E52D1BD", "E12AC4164A95297C0432973D30F603FA386B4210C32C90DA21EC4D23B1C17983", "E143583639D054AA8FE69FA00A9B2C711903F95581EE6F26FFBD1FCD98532960", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E1AD32CFB502AD0992E7A72B37C0A60469CA549BD959889654B8CC67A43CAF11", "E227F6C1872E7F9A67C37F74BF85374865A13419EF761CE2F141A77A56686485", "E41DB3BE42FBB098E24A8665578CAC1A1B7E8557F404FB6F24D4B6F961A9D4B3", "E600E0C30FA57438BAA328F6729F104613C088264EDBAF41A037C964282DC8A6", "E709674FBABF3ACF153296465B387FAF06F18F887BD2A7754503B905294A1BED", "E7B26F1EAEFB4260D24EE36CC6F4BF7A433546C3ED0AB3E0C2C3FEF44B61DA61", "E8502415402D8DEE3757A91FDF5FC83A369265B0F5E2AE2A7246A3FC800EEE8B", "E865AEC861081DF4FF67DBF0B04D3E134D71A5914681CD7C13E100D35E6CDBA7", "E8EEB32757FCFDA746B60EBA71D8922DF48CC00375BF0160ABE189EB75238BD7", "E95C513C81DFA803C5A853C9D2DFFDF741B2BF08BBE6DAABA2EE0C2BDE4DDDC2", "E9CDC7558DA989941146B3A84A11854BD9E2194AC94082893AAD204FB055A96A", "EB5D8C6E2448BC74380F4101662EE13D053367E89D5119DB578AEA896E494A4C", "EB97D72FB1E7456DA0AEB152F7D38EA76EB1710E309CFEBAAEC6409669F64B5E", "EBAE8A338E4C3BC0B76E371B33FC5C8FBDBB13AABDCB226379C80DDB6E29CF21", "EBCC12197854D7C444B518B80A223576FCB219A088A0CC929C19FF2993DC431A", "EC68A07B2C3DAE1C815890F259C28E42A77D5A3444423C6A6324A3D881B16265", "ECEC5A699718FA47579124ABEF1CC172577C00D6813161930894878E0B0D8EAB", "ECFAD8E6C02ED1FDC660B7F94B3208DFF757AAB82DA3254B7ACBC8A758CB95BF", "EDCF2E68ACD973727361751379D03614E328717BE15786687654550AC960EF96", "EE00DD4DC4E89EDFE827D00E23422E952D8AE45D3D37FB7B3324DAC341D2A4B5", "EE7D5FC311EDDD74400E79AAECF24A3DE3AC29BFEC231105E6C6DB7D45D4329F", "EEC05ED6259DA0769C816A300C9655A2B000A71FD344EEBAF3C3C7534CF688A4", "EF6F3054C69B0652A8D924EF7CC358C71FF9B83399CEB702D86D3A4C6EAFC3AC", "EFAFEB4BBDCD09CB8092BF34BF1DF6E8940256BA8189C4734656E48E9BEAB09A", "EFC446973169CE75A82B0414B6EEF35DEF3A2D4A3904DF4C568A776C1F269E2C", "F06557E676BEE33840ABDCBC8B63800AEF257D21E96813D19608264A0DF5ED04", "F081AA9E389DA8704A0ED815A4AEB867FF005489C1596C9B9CD8696FCA6AB63C", "F0C452EE48E8505188BF8AB45419E7E332E42EB59E328C7C8B8432E5E61A1850", "F0D697BCEF4A8A1CF04A7209C24CFB2E3B80AA3B9D8BB629D8DCBD87B58FB387", "F10B278BFBFA868C361722B3DE18CDFFBEA415174A88751DEB4AB93FA4D5705C", "F15BA9EC0C1FC4624C7DDC90D046A7A3558B86CF13B121A8778B5BA8562491DC", "F1EC5D4551244A16FA4089F1A2978123216790C3873FA1FE248F1579895E1483", "F26A74C5375F6738F3160B3D272645260FE04D2717F9F7B52673CFE0A8C201C7", "F43AC4AD74C202F4FEB76EA0BC3429642A773A92CA519668F55C67ABFA59AEB0", "F479B1D4D6CE6F94562BE83AEBC7D30E6633A6727AB24138B99039D7EB3AB70F", "F4B9D71D3FABEC6658928AA2A337B66B863636EDAA889DCF19CDC196449826D5", "F635FFE721BC997985018B42B724BE4FEDE2E1F9F930A39573A5A1002F559401", "F64DA47FC3702B8685BBFAF6F11CB66B162143A42893C2917F13E1D839D0A9E6", "F6C2D7B519A05770991554475891717CAC8A17440E6CE3D0FD4BCFA2DABBDF41", "F6F81EC2A93E77E4D599C827E29E48EFC512C7EB406ED8ADA47D239D81A82F3B", "F8949F00CDCE086FCFA5F40AFADF9DB9E3B4DD10AB910034C41279EA96313C2A", "F9733852E74294E6BF91BFC8E0D7790521726ED7E5FD3358C473AA92D450B69F", "F976E6D48149579C30755509014967F1B6A7163FEAAB9453EBE9572696C3DDDD", "F9CB770C5B8A2294DF8EA0EF427572827C6FA0BB5C5E3EA1766A8830336C32AE", "FA93088E0503A6A34E814C8E30394F7485A7BF6FD7DA672BA150547158952766", "FB301BD274079F5B2C88A19B0C86981A277D606738CBEB57758A65ED178BA0FC", "FB50FC72D1ADF03C64135E473D71F8FDDDF0FBB202D69511A7EA94874CC168D1", "FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108", "FCF41F8A3E1357E712A6897ED638066B50BE36F92A611FD20DEA6527B5011626", "FE46737CD4E9FE3F31A0EA0B1D2559FF68EF3A49CB69F049F5699A13B1918EFF", "FF926082F3A0FA7204775F0ED20D294D732CB21CC9B0E2027EB4813FF0192072", "FFBD74E0F454FF6A49CA3F34C7271269653B26F1B1272560F1EA3CC07A2021C8"]}, {"type": "jvn", "idList": ["JVN:14876762", "JVN:89379547"]}, {"type": "kaspersky", "idList": ["KLA12588", "KLA40220", "KLA40221"]}, {"type": "mageia", "idList": ["MGASA-2013-0199", "MGASA-2014-0109", "MGASA-2014-0110", "MGASA-2014-0152", "MGASA-2016-0260", "MGASA-2022-0435", "MGASA-2023-0070", "MGASA-2023-0138", "MGASA-2023-0191"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787046"]}, {"type": "nessus", "idList": ["9699.PRM", "ACTIVEMQ_5_15_5.NASL", "AIX_IJ44987.NASL", "AIX_IJ44994.NASL", "AIX_IJ45221.NASL", "AIX_IJ45224.NASL", "AL2022_ALAS2022-2022-111.NASL", "AL2022_ALAS2022-2022-112.NASL", "AL2022_ALAS2022-2022-113.NASL", "AL2022_ALAS2022-2022-119.NASL", "AL2022_ALAS2022-2022-120.NASL", "AL2022_ALAS2022-2022-121.NASL", "AL2022_ALAS2022-2022-151.NASL", "AL2022_ALAS2022-2022-152.NASL", "AL2022_ALAS2022-2022-153.NASL", "AL2023_ALAS2023-2023-238.NASL", "AL2_ALAS-2022-1822.NASL", "AL2_ALAS-2022-1823.NASL", "AL2_ALAS-2022-1824.NASL", "AL2_ALAS-2022-1835.NASL", "AL2_ALAS-2022-1836.NASL", "AL2_ALAS-2023-2059.NASL", "AL2_ALASCORRETTO8-2022-003.NASL", "AL2_ALASJAVA-OPENJDK11-2022-002.NASL", "AL2_ALASTOMCAT8_5-2023-001.NASL", "AL2_ALASTOMCAT8_5-2023-013.NASL", "AL2_ALASTOMCAT9-2023-001.NASL", "AL2_ALASTOMCAT9-2023-008.NASL", "ALA_ALAS-2013-169.NASL", "ALA_ALAS-2014-312.NASL", "ALA_ALAS-2014-325.NASL", "ALA_ALAS-2014-344.NASL", "ALA_ALAS-2014-410.NASL", "ALA_ALAS-2016-736.NASL", "ALA_ALAS-2022-1631.NASL", "ALA_ALAS-2022-1633.NASL", "ALA_ALAS-2023-1738.NASL", "ALA_ALAS-2023-1779.NASL", "ALA_ALAS-2023-1861.NASL", "ALMA_LINUX_ALSA-2022-5683.NASL", "ALMA_LINUX_ALSA-2022-5695.NASL", "ALMA_LINUX_ALSA-2022-5696.NASL", "ALMA_LINUX_ALSA-2022-5709.NASL", "ALMA_LINUX_ALSA-2022-5736.NASL", "AMAZON_CORRETTO_11_0_16_8_1.NASL", "AMAZON_CORRETTO_17_0_4_8_1.NASL", "AMAZON_CORRETTO_18_0_2_9_1.NASL", "AMAZON_CORRETTO_8_342_07_1.NASL", "AZUL_ZULU_18_32.NASL", "CENTOS_RHSA-2013-0270.NASL", "CENTOS_RHSA-2014-0348.NASL", "CENTOS_RHSA-2014-0429.NASL", "CENTOS_RHSA-2014-0865.NASL", "CENTOS_RHSA-2016-2599.NASL", "CENTOS_RHSA-2022-5687.NASL", "CENTOS_RHSA-2022-5698.NASL", "CLOUDBEES-SECURITY-ADVISORY-2023-03-08.NASL", "CONFLUENCE_CONFSERVER-90185.NASL", "DEBIAN_DLA-222.NASL", "DEBIAN_DLA-2741.NASL", "DEBIAN_DLA-3155.NASL", "DEBIAN_DLA-3617.NASL", "DEBIAN_DLA-528.NASL", "DEBIAN_DLA-529.NASL", "DEBIAN_DSA-2827.NASL", "DEBIAN_DSA-2856.NASL", "DEBIAN_DSA-2886.NASL", "DEBIAN_DSA-2897.NASL", "DEBIAN_DSA-3609.NASL", "DEBIAN_DSA-3611.NASL", "DEBIAN_DSA-3614.NASL", "DEBIAN_DSA-5188.NASL", "DEBIAN_DSA-5192.NASL", "DEBIAN_DSA-5256.NASL", "DEBIAN_DSA-5521.NASL", "DEBIAN_DSA-5522.NASL", "DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-329_4_0.NASL", "DOMINO_SWG21992835.NASL", "EULEROS_SA-2016-1054.NASL", "EULEROS_SA-2022-2440.NASL", "EULEROS_SA-2022-2465.NASL", "EULEROS_SA-2022-2616.NASL", "EULEROS_SA-2022-2617.NASL", "EULEROS_SA-2023-1612.NASL", "EULEROS_SA-2023-2177.NASL", "F5_BIGIP_SOL000133052.NASL", "F5_BIGIP_SOL000135262.NASL", "F5_BIGIP_SOL15189.NASL", "FEDORA_2013-1189.NASL", "FEDORA_2013-1203.NASL", "FEDORA_2013-1289.NASL", "FEDORA_2014-2175.NASL", "FEDORA_2014-2183.NASL", "FEDORA_2014-4426.NASL", "FEDORA_2014-4443.NASL", "FEDORA_2014-9539.NASL", "FEDORA_2014-9581.NASL", "FEDORA_2016-0A4DCCDD23.NASL", "FEDORA_2016-2B0C16FD82.NASL", "FEDORA_2016-F4A443888B.NASL", "FREEBSD_PKG_549A277149CC11E4AE2CC80AA9043978.NASL", "FREEBSD_PKG_61B8C3594AAB11E6A7BD14DAE9D210B8.NASL", "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "FREEBSD_PKG_CBCEEB493BC711E68E82002590263BF5.NASL", "FREEBSD_PKG_D70C9E18F34011E8BE460019DBB15B3F.NASL", "GENTOO_GLSA-201412-29.NASL", "GENTOO_GLSA-201604-02.NASL", "GENTOO_GLSA-201705-09.NASL", "GENTOO_GLSA-202107-39.NASL", "GENTOO_GLSA-202305-37.NASL", "GLASSFISH_CPU_OCT_2017.NASL", "IBM_COGNOS_6828527.NASL", "JENKINS_1_583.NASL", "JENKINS_2_394.NASL", "MANDRIVA_MDVSA-2014-056.NASL", "MANDRIVA_MDVSA-2015-084.NASL", "MYSQL_ENTERPRISE_MONITOR_2_3_17.NASL", "MYSQL_ENTERPRISE_MONITOR_3_0_11.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_27.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_35.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_5_1_5.NASL", "NUTANIX_NXSA-AOS-6_5_2.NASL", "NUTANIX_NXSA-AOS-6_5_4.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "NUTANIX_NXSA-AOS-6_6_2_7.NASL", "NUTANIX_NXSA-AOS-6_7.NASL", "OPENJDK_2022-07-19.NASL", "OPENSUSE-2013-161.NASL", "OPENSUSE-2013-304.NASL", "OPENSUSE-2013-305.NASL", "OPENSUSE-2013-786.NASL", "OPENSUSE-2014-297.NASL", "OPENSUSE-2014-298.NASL", "OPENSUSE-2014-445.NASL", "OPENSUSE-2016-1056.NASL", "OPENSUSE-2019-1399.NASL", "OPENSUSE-2021-605.NASL", "ORACLELINUX_ELSA-2013-0270.NASL", "ORACLELINUX_ELSA-2014-0348.NASL", "ORACLELINUX_ELSA-2014-0429.NASL", "ORACLELINUX_ELSA-2014-0865.NASL", "ORACLELINUX_ELSA-2016-2599.NASL", "ORACLELINUX_ELSA-2022-5683.NASL", "ORACLELINUX_ELSA-2022-5687.NASL", "ORACLELINUX_ELSA-2022-5695.NASL", "ORACLELINUX_ELSA-2022-5696.NASL", "ORACLELINUX_ELSA-2022-5698.NASL", "ORACLELINUX_ELSA-2022-5709.NASL", "ORACLELINUX_ELSA-2022-5726.NASL", "ORACLELINUX_ELSA-2022-5736.NASL", "ORACLELINUX_ELSA-2023-6570.NASL", "ORACLELINUX_ELSA-2023-7065.NASL", "ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL", "ORACLE_BI_PUBLISHER_JUL_2017_CPU.NASL", "ORACLE_EIDS_CPU_OCT_2014.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_JAN_2021.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_JUL_2023.NASL", "ORACLE_JAVA_CPU_JUL_2022.NASL", "ORACLE_OATS_CPU_JUL_2019.NASL", "ORACLE_OATS_CPU_JUL_2023.NASL", "ORACLE_OBIEE_CPU_APR_2023.NASL", "ORACLE_OBIEE_CPU_JUL_2023.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2021.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2023.NASL", "ORACLE_RDBMS_CPU_APR_2023.NASL", "ORACLE_RDBMS_CPU_JUL_2020.NASL", "ORACLE_RDBMS_CPU_JUL_2023.NASL", "ORACLE_RDBMS_CPU_OCT_2014.NASL", "ORACLE_RDBMS_CPU_OCT_2021.NASL", "ORACLE_RDBMS_CPU_OCT_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2019.NBIN", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "ORACLE_WEBCENTER_SITES_APR_2015_CPU.NASL", "ORACLE_WEBCENTER_SITES_APR_2018_CPU.NASL", "ORACLE_WEBCENTER_SITES_CPU_JUL_2023.NASL", "ORACLE_WEBCENTER_SITES_JAN_2016_CPU.NASL", "ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2023.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2016.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2021.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2022_V14.NASL", "PHOTONOS_PHSA-2020-3_0-0141_COMMONS.NASL", "REDHAT-RHSA-2013-0270.NASL", "REDHAT-RHSA-2013-0680.NASL", "REDHAT-RHSA-2013-1428.NASL", "REDHAT-RHSA-2014-0224.NASL", "REDHAT-RHSA-2014-0253.NASL", "REDHAT-RHSA-2014-0348.NASL", "REDHAT-RHSA-2014-0429.NASL", "REDHAT-RHSA-2014-0453.NASL", "REDHAT-RHSA-2014-0525.NASL", "REDHAT-RHSA-2014-0526.NASL", "REDHAT-RHSA-2014-0591.NASL", "REDHAT-RHSA-2014-0865.NASL", "REDHAT-RHSA-2014-1162.NASL", "REDHAT-RHSA-2014-1320.NASL", "REDHAT-RHSA-2014-1321.NASL", "REDHAT-RHSA-2016-0070.NASL", "REDHAT-RHSA-2016-2069.NASL", "REDHAT-RHSA-2016-2072.NASL", "REDHAT-RHSA-2016-2599.NASL", "REDHAT-RHSA-2016-2807.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2021-3466.NASL", "REDHAT-RHSA-2021-3467.NASL", "REDHAT-RHSA-2021-3468.NASL", "REDHAT-RHSA-2021-3656.NASL", "REDHAT-RHSA-2021-3658.NASL", "REDHAT-RHSA-2022-5681.NASL", "REDHAT-RHSA-2022-5683.NASL", "REDHAT-RHSA-2022-5684.NASL", "REDHAT-RHSA-2022-5685.NASL", "REDHAT-RHSA-2022-5687.NASL", "REDHAT-RHSA-2022-5695.NASL", "REDHAT-RHSA-2022-5696.NASL", "REDHAT-RHSA-2022-5697.NASL", "REDHAT-RHSA-2022-5698.NASL", "REDHAT-RHSA-2022-5700.NASL", "REDHAT-RHSA-2022-5701.NASL", "REDHAT-RHSA-2022-5709.NASL", "REDHAT-RHSA-2022-5726.NASL", "REDHAT-RHSA-2022-5736.NASL", "REDHAT-RHSA-2023-4909.NASL", "REDHAT-RHSA-2023-6570.NASL", "REDHAT-RHSA-2023-7065.NASL", "ROCKY_LINUX_RLSA-2022-5683.NASL", "ROCKY_LINUX_RLSA-2022-5696.NASL", "ROCKY_LINUX_RLSA-2022-5726.NASL", "SAP_BUSINESS_OBJECTS_BIP_AUG_23_3312047.NASL", "SECURITYCENTER_5_8_0_TNS_2018_15.NASL", "SL_20130219_JAKARTA_COMMONS_HTTPCLIENT_ON_SL5_X.NASL", "SL_20140401_XALAN_J2_ON_SL5_X.NASL", "SL_20140423_TOMCAT6_ON_SL6_X.NASL", "SL_20140709_TOMCAT6_ON_SL6_X.NASL", "SL_20161103_TOMCAT_ON_SL7_X.NASL", "SL_20220801_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20220801_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "STRUTS_2_3_16_1.NASL", "STRUTS_2_3_16_1_WIN_LOCAL.NASL", "STRUTS_2_3_36_FILEUPLOAD.NASL", "STRUTS_2_5_12.NASL", "SUSE_11_JAKARTA-COMMONS-FILEUPLOAD-131017.NASL", "SUSE_11_JAKARTA-COMMONS-FILEUPLOAD-140403.NASL", "SUSE_11_JAKARTA-COMMONS-HTTPCLIENT3-130328.NASL", "SUSE_11_XALAN-J2-140623.NASL", "SUSE_SU-2019-14044-1.NASL", "SUSE_SU-2022-2610-1.NASL", "SUSE_SU-2022-2660-1.NASL", "SUSE_SU-2022-2707-1.NASL", "SUSE_SU-2022-2819-1.NASL", "SUSE_SU-2022-2856-1.NASL", "SUSE_SU-2022-2898-1.NASL", "SUSE_SU-2022-2899-1.NASL", "SUSE_SU-2022-2949-1.NASL", "SUSE_SU-2022-3092-1.NASL", "SUSE_SU-2022-3152-1.NASL", "SUSE_SU-2022-4166-1.NASL", "SUSE_SU-2023-0695-1.NASL", "SUSE_SU-2023-0696-1.NASL", "SUSE_SU-2023-0697-1.NASL", "SUSE_SU-2023-0730-1.NASL", "SUSE_SU-2023-0758-1.NASL", "SUSE_SU-2023-1769-1.NASL", "SUSE_SU-2023-2318-1.NASL", "SUSE_SU-2023-2319-1.NASL", "SUSE_SU-2023-2390-1.NASL", "SUSE_SU-2023-2504-1.NASL", "SUSE_SU-2023-2505-1.NASL", "TOMCAT_10_1_5.NASL", "TOMCAT_10_1_8.NASL", "TOMCAT_11_0_0_M3.NASL", "TOMCAT_7_0_52.NASL", "TOMCAT_7_0_70.NASL", "TOMCAT_8_0_3.NASL", "TOMCAT_8_5_85.NASL", "TOMCAT_8_5_88.NASL", "TOMCAT_9_0_71.NASL", "TOMCAT_9_0_74.NASL", "UBUNTU_USN-2029-1.NASL", "UBUNTU_USN-2130-1.NASL", "UBUNTU_USN-2218-1.NASL", "UBUNTU_USN-2769-1.NASL", "UBUNTU_USN-3024-1.NASL", "UBUNTU_USN-3027-1.NASL", "UBUNTU_USN-5095-1.NASL", "UBUNTU_USN-5546-1.NASL", "UBUNTU_USN-5546-2.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2014-0007.NASL", "VMWARE_ORCHESTRATOR_APPLIANCE_VMSA_2014_0007.NASL", "VMWARE_ORCHESTRATOR_VMSA_2014_0007.NASL", "VMWARE_VCENTER_VMSA-2014-0008.NASL", "VMWARE_VMSA-2014-0008.NASL", "WEBSPHERE_301027.NASL", "WEBSPHERE_547999.NASL", "WEBSPHERE_6453091.NASL", "WEBSPHERE_711867.NASL", "WEBSPHERE_7_0_0_33.NASL", "WEBSPHERE_8_0_0_9.NASL", "WEBSPHERE_8_5_5_2.NASL", "WEBSPHERE_PORTAL_8_0_0_1_CF12.NASL", "WEBSPHERE_PORTAL_CVE-2014-0050.NASL", "WEB_APPLICATION_SCANNING_113939", "WEB_APPLICATION_SCANNING_113940", "WEB_APPLICATION_SCANNING_113941", "WEB_APPLICATION_SCANNING_113942"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105086", "OPENVAS:1361412562310105087", "OPENVAS:1361412562310105088", "OPENVAS:1361412562310108626", "OPENVAS:1361412562310108627", "OPENVAS:1361412562310120079", "OPENVAS:1361412562310120214", "OPENVAS:1361412562310120359", "OPENVAS:1361412562310120384", "OPENVAS:1361412562310120469", "OPENVAS:1361412562310120725", "OPENVAS:1361412562310121315", "OPENVAS:1361412562310121459", "OPENVAS:1361412562310123422", "OPENVAS:1361412562310123433", "OPENVAS:1361412562310123724", "OPENVAS:1361412562310141668", "OPENVAS:1361412562310702827", "OPENVAS:1361412562310702856", "OPENVAS:1361412562310702886", "OPENVAS:1361412562310702897", "OPENVAS:1361412562310703609", "OPENVAS:1361412562310703611", "OPENVAS:1361412562310703614", "OPENVAS:1361412562310804251", "OPENVAS:1361412562310807013", "OPENVAS:1361412562310807039", "OPENVAS:1361412562310808197", "OPENVAS:1361412562310808268", "OPENVAS:1361412562310808618", "OPENVAS:1361412562310809211", "OPENVAS:1361412562310809213", "OPENVAS:1361412562310810747", "OPENVAS:1361412562310811250", "OPENVAS:1361412562310841621", "OPENVAS:1361412562310841741", "OPENVAS:1361412562310841827", "OPENVAS:1361412562310842488", "OPENVAS:1361412562310842823", "OPENVAS:1361412562310842824", "OPENVAS:1361412562310850747", "OPENVAS:1361412562310850772", "OPENVAS:1361412562310852501", "OPENVAS:1361412562310865277", "OPENVAS:1361412562310865280", "OPENVAS:1361412562310865298", "OPENVAS:1361412562310867519", "OPENVAS:1361412562310867523", "OPENVAS:1361412562310867670", "OPENVAS:1361412562310867674", "OPENVAS:1361412562310868129", "OPENVAS:1361412562310868132", "OPENVAS:1361412562310870917", "OPENVAS:1361412562310871148", "OPENVAS:1361412562310871159", "OPENVAS:1361412562310871200", "OPENVAS:1361412562310871701", "OPENVAS:1361412562310871961", "OPENVAS:1361412562310881604", "OPENVAS:1361412562310881911", "OPENVAS:1361412562310881914", "OPENVAS:1361412562310881927", "OPENVAS:1361412562310881960", "OPENVAS:1361412562311220161054", "OPENVAS:702827", "OPENVAS:702856", "OPENVAS:702886", "OPENVAS:702897", "OPENVAS:703609", "OPENVAS:703611", "OPENVAS:703614", "OPENVAS:841621", "OPENVAS:841741", "OPENVAS:865277", "OPENVAS:865280", "OPENVAS:865298", "OPENVAS:867519", "OPENVAS:867523", "OPENVAS:867670", "OPENVAS:867674", "OPENVAS:870917", "OPENVAS:871148", "OPENVAS:871159", "OPENVAS:881604", "OPENVAS:881911", "OPENVAS:881914", "OPENVAS:881927"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2016", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2022", "ORACLE:CPUJUL2023", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2015", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022", "ORACLE:CPUOCT2023"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0270", "ELSA-2014-0348", "ELSA-2014-0429", "ELSA-2014-0686", "ELSA-2014-0865", "ELSA-2016-2599", "ELSA-2017-2247", "ELSA-2022-5683", "ELSA-2022-5687", "ELSA-2022-5695", "ELSA-2022-5696", "ELSA-2022-5698", "ELSA-2022-5709", "ELSA-2022-5726", "ELSA-2022-5736"]}, {"type": "osv", "idList": ["OSV:DLA-222-1", "OSV:DLA-2741-1", "OSV:DLA-3155-1", "OSV:DLA-528-1", "OSV:DLA-529-1", "OSV:DSA-2897-1", "OSV:DSA-5256-1", "OSV:GHSA-2X83-R56G-CV47", "OSV:GHSA-3832-9276-X7GF", "OSV:GHSA-7C2Q-5QMR-V76Q", "OSV:GHSA-7X9J-7223-RG5M", "OSV:GHSA-9339-86WC-4QGF", "OSV:GHSA-CX6H-86XW-9X34", "OSV:GHSA-F7F6-XRWC-9C57", "OSV:GHSA-FRGR-C5F2-8QHH", "OSV:GHSA-FVM3-CFVJ-GXQQ", "OSV:GHSA-GWRP-PVRQ-JMWV", "OSV:GHSA-H76P-MC68-JV3P", "OSV:GHSA-HFRX-6QGJ-FP6C", "OSV:GHSA-QX6H-9567-5FQW", "OSV:GHSA-RC2W-R4JQ-7PFX", "OSV:GHSA-V6C7-8QX5-8GMP", "OSV:GHSA-VM69-474V-7Q2W", "OSV:GHSA-XX68-JFCG-XMMF"]}, {"type": "photon", "idList": ["PHSA-2020-0141", "PHSA-2020-3.0-0141", "PHSA-2022-3.0-0449", "PHSA-2023-4.0-0413"]}, {"type": "prion", "idList": ["PRION:CVE-2012-5783", "PRION:CVE-2012-6153", "PRION:CVE-2013-0248", "PRION:CVE-2013-2185", "PRION:CVE-2013-2186", "PRION:CVE-2014-0050", "PRION:CVE-2014-0107", "PRION:CVE-2016-1000031", "PRION:CVE-2016-3092", "PRION:CVE-2017-1000394", "PRION:CVE-2021-29425", "PRION:CVE-2022-34169", "PRION:CVE-2023-24998", "PRION:CVE-2023-27900", "PRION:CVE-2023-27901", "PRION:CVE-2023-28709"]}, {"type": "redhat", "idList": ["RHSA-2013:0270", "RHSA-2013:0679", "RHSA-2013:0680", "RHSA-2013:0682", "RHSA-2013:1006", "RHSA-2013:1428", "RHSA-2013:1429", "RHSA-2013:1442", "RHSA-2013:1448", "RHSA-2013:1853", "RHSA-2014:0224", "RHSA-2014:0252", "RHSA-2014:0253", "RHSA-2014:0348", "RHSA-2014:0400", "RHSA-2014:0401", "RHSA-2014:0429", "RHSA-2014:0452", "RHSA-2014:0453", "RHSA-2014:0454", "RHSA-2014:0459", "RHSA-2014:0525", "RHSA-2014:0526", "RHSA-2014:0527", "RHSA-2014:0528", "RHSA-2014:0590", "RHSA-2014:0591", "RHSA-2014:0818", "RHSA-2014:0819", "RHSA-2014:0865", "RHSA-2014:1007", "RHSA-2014:1059", "RHSA-2014:1162", "RHSA-2014:1290", "RHSA-2014:1291", "RHSA-2014:1320", "RHSA-2014:1321", "RHSA-2014:1351", "RHSA-2014:1369", "RHSA-2014:1904", "RHSA-2014:1995", "RHSA-2015:0234", "RHSA-2015:0235", "RHSA-2015:0675", "RHSA-2015:0720", "RHSA-2015:0765", "RHSA-2015:0850", "RHSA-2015:0851", "RHSA-2015:1009", "RHSA-2015:1888", "RHSA-2016:0070", "RHSA-2016:2068", "RHSA-2016:2069", "RHSA-2016:2070", "RHSA-2016:2071", "RHSA-2016:2072", "RHSA-2016:2599", "RHSA-2016:2807", "RHSA-2016:2808", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:0868", "RHSA-2021:2465", "RHSA-2021:3225", "RHSA-2021:3466", "RHSA-2021:3467", "RHSA-2021:3468", "RHSA-2021:3471", "RHSA-2021:3516", "RHSA-2021:3534", "RHSA-2021:3656", "RHSA-2021:3658", "RHSA-2021:3660", "RHSA-2021:3700", "RHSA-2021:5134", "RHSA-2022:1108", "RHSA-2022:1110", "RHSA-2022:5681", "RHSA-2022:5683", "RHSA-2022:5684", "RHSA-2022:5685", "RHSA-2022:5687", "RHSA-2022:5695", "RHSA-2022:5696", "RHSA-2022:5697", "RHSA-2022:5698", "RHSA-2022:5700", "RHSA-2022:5701", "RHSA-2022:5709", "RHSA-2022:5726", "RHSA-2022:5730", "RHSA-2022:5736", "RHSA-2022:5753", "RHSA-2022:5754", "RHSA-2022:5755", "RHSA-2022:5756", "RHSA-2022:5757", "RHSA-2022:5758", "RHSA-2022:5879", "RHSA-2022:5908", "RHSA-2022:5909", "RHSA-2022:6040", "RHSA-2022:6053", "RHSA-2022:6252", "RHSA-2022:6262", "RHSA-2022:6263", "RHSA-2023:2100", "RHSA-2023:3299", "RHSA-2023:3954", "RHSA-2023:4909", "RHSA-2023:4910", "RHSA-2023:6570", "RHSA-2023:7065"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000394", "RH:CVE-2021-29425", "RH:CVE-2022-34169", "RH:CVE-2023-24998", "RH:CVE-2023-27900", "RH:CVE-2023-27901", "RH:CVE-2023-28709"]}, {"type": "rocky", "idList": ["RLSA-2022:5683", "RLSA-2022:5696", "RLSA-2022:5726"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2138"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29176", "SECURITYVULNS:DOC:30086", "SECURITYVULNS:DOC:30388", "SECURITYVULNS:DOC:30394", "SECURITYVULNS:DOC:30435", "SECURITYVULNS:DOC:30865", "SECURITYVULNS:DOC:32033", "SECURITYVULNS:DOC:32494", "SECURITYVULNS:DOC:32573", "SECURITYVULNS:VULN:13441", "SECURITYVULNS:VULN:13578", "SECURITYVULNS:VULN:13630", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14470", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14755"]}, {"type": "seebug", "idList": ["SSV:60668", "SSV:61443", "SSV:61951", "SSV:62048", "SSV:84935"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1399-1", "OPENSUSE-SU-2021:0605-1", "SUSE-SU-2013:1660-1", "SUSE-SU-2014:0548-1", "SUSE-SU-2014:0870-1", "SUSE-SU-2017:1660-1", "SUSE-SU-2022:2660-1", "SUSE-SU-2022:2707-1", "SUSE-SU-2022:2856-1", "SUSE-SU-2022:2949-1", "SUSE-SU-2022:3092-1"]}, {"type": "symantec", "idList": ["SMNTC-1329", "SMNTC-93604"]}, {"type": "threatpost", "idList": ["THREATPOST:40B4CEF304ADBCA0734F292661E7810B", "THREATPOST:71CFE98EE69CB32A2F1F115FCB3ACF21", "THREATPOST:A45826A8CDA7058392C4901D6AAD15F1"]}, {"type": "tomcat", "idList": ["TOMCAT:074E9BEB343F13D4FB2E05E0A5A3F2DC", "TOMCAT:0771E17F0F0733FEFCB0AD32B094C50F", "TOMCAT:090D34A8F12561B9A6EBDD358D9AF510", "TOMCAT:1EF4CC5C7BF503712F41C55DB6D80BA3", "TOMCAT:3433D97DD68E3E4EE81DAC140FD2AF8F", "TOMCAT:60B7F846069FB29989715E62FE185ECA", "TOMCAT:61C95A2E406ED797E80D127517613A96", "TOMCAT:6BEAA455226B8F8EE2D08CCDA3BF5EC4", "TOMCAT:6DEC4EF5C6B7579A5B719A342881674D", "TOMCAT:7135E612B620B4B1AFDFF60C0C8C72E3", "TOMCAT:720D06DA167834DEDCCF6CCE7DD28826", "TOMCAT:7E8B1837DB1B24489FB7CEAE24C18E30", "TOMCAT:F983EF6ACA26D78B69D240D2AFF6ADBF"]}, {"type": "ubuntu", "idList": ["USN-2029-1", "USN-2130-1", "USN-2218-1", "USN-2769-1", "USN-3024-1", "USN-3027-1", "USN-5095-1", "USN-5546-1", "USN-5546-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-5783", "UB:CVE-2012-6153", "UB:CVE-2013-0248", "UB:CVE-2013-2185", "UB:CVE-2013-2186", "UB:CVE-2014-0050", "UB:CVE-2014-0107", "UB:CVE-2016-1000031", "UB:CVE-2016-3092", "UB:CVE-2021-29425", "UB:CVE-2022-34169", "UB:CVE-2023-24998", "UB:CVE-2023-28709"]}, {"type": "vaadin", "idList": ["VAADIN:ADVISORY-2023-04-19"]}, {"type": "veracode", "idList": ["VERACODE:10807", "VERACODE:11070", "VERACODE:11180", "VERACODE:11186", "VERACODE:11290", "VERACODE:11350", "VERACODE:12184", "VERACODE:16639", "VERACODE:16647", "VERACODE:16649", "VERACODE:16650", "VERACODE:16651", "VERACODE:16652", "VERACODE:16653", "VERACODE:16655", "VERACODE:16656", "VERACODE:16658", "VERACODE:16659", "VERACODE:29972", "VERACODE:36421", "VERACODE:3832", "VERACODE:39403"]}, {"type": "vmware", "idList": ["VMSA-2014-0007", "VMSA-2014-0007.2", "VMSA-2014-0008", "VMSA-2014-0008.2"]}, {"type": "wolfi", "idList": ["WOLFI:CVE-2023-24998"]}, {"type": "zdi", "idList": ["ZDI-16-570"]}, {"type": "zdt", "idList": ["1337DAY-ID-21887"]}]}, "vulnersScore": 8.6}, "_state": {"score": 1701962470, "dependencies": 1701963586}, "_internal": {"score_hash": "a51f686bbcde20c02c5b4f1fdf4a3e0b"}, "affectedSoftware": []}

{"ibm": [{"lastseen": "2023-12-07T13:52:57", "description": "## Summary\n\nApache Commons FileUpload is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2013-0248](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) \n** DESCRIPTION: **Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/82618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) for the current score. \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2016-3092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-1000031](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2014-0050](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-2186](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) \n** DESCRIPTION: **Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/88133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n \n** IBM X-Force ID: **220723 \n** DESCRIPTION: **Apache Commons Fileupload could allow a remote attacker to obtain sensitive information, caused by a resource leak flaw in the FileUploadBase class. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220723 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \n \n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410> \n \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-25T09:03:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM Application Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248", "CVE-2013-2186", "CVE-2014-0050", "CVE-2016-1000031", "CVE-2016-3092", "CVE-2023-24998"], "modified": "2023-09-25T09:03:43", "id": "F0C452EE48E8505188BF8AB45419E7E332E42EB59E328C7C8B8432E5E61A1850", "href": "https://www.ibm.com/support/pages/node/7038693", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-07T10:27:50", "description": "## Summary\n\nApache Commons Fileupload is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastucture. Information about security vulnerabilities affecting Apache Commons Fileupload has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2013-2186](<https://vulners.com/cve/CVE-2013-2186>) \n** DESCRIPTION: **Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/88133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n** DESCRIPTION: **Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/82618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) for the current score. \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** IBM X-Force ID: **220723 \n** DESCRIPTION: **Apache Commons Fileupload could allow a remote attacker to obtain sensitive information, caused by a resource leak flaw in the FileUploadBase class. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220723 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Business Service Manager| 6.2.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Business Service Manager 6.2.0| 6.2.0.4| IJ32982| Upgrade to [IBM Tivoli Business Service Manager 6.2.0.4](<https://www.ibm.com/support/pages/node/6578641> \"IBM Tivoli Business Service Manager 6.2.0.4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-26T05:34:17", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248", "CVE-2013-2186", "CVE-2014-0050", "CVE-2016-3092"], "modified": "2022-09-26T05:34:17", "id": "8155B091E8A9E365D7BF4DC2FC7DA1113C991153BF54EDFFC2BCC3322D0D6281", "href": "https://www.ibm.com/support/pages/node/6606997", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:39:00", "description": "## Summary\n\nMultiple vulnerabilities in Apache Commons exists in IBM Sterling B2B Integrator\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>)** \nDESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2\n\n## Remediation/Fixes\n\n**Product & Version **\n\n| \n\n**Remediation/Fix** \n \n---|--- \n \nIBM Sterling B2B Integrator 5.2.0 - 5.2.6.3\n\n| Apply fix pack 5020603 then interim fix 5020603_1 on [_Fix Central_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=5.2.6.3&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Affect IBM Sterling B2B Integrator (CVE-2016-3092, CVE-2014-0050, CVE-2013-0248)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248", "CVE-2014-0050", "CVE-2016-3092"], "modified": "2020-02-05T00:53:36", "id": "DBEEBEA67BF53D06F2B67D1EC250BC6DC481E7E1D95538F33DA149848FB8D480", "href": "https://www.ibm.com/support/pages/node/291151", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-10-31T15:24:00", "description": "## Summary\n\nA vulnerability has been identified in the Apache Commons FileUpload shipped with IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Apache Commons FileUpload has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2014-0034](<https://vulners.com/cve/CVE-2014-0034>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to bypass security restrictions, caused by the improper handling of invalid SAML tokens by the SecurityTokenService. An attacker could exploit this vulnerability using a specially-crafted token to bypass the authentication process and gain unauthorized access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/94337](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94337>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-2186](<https://vulners.com/cve/CVE-2013-2186>) \n** DESCRIPTION: **Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/88133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/88133>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n \n** CVEID: **[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Business Service Manager| 6.2.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Business Service Manager 6.2.0| 6.2.0.3 IF| IJ32982| Upgrade to Upgrade to [IBM Tivoli Business Service Manager 6.2.0.3 IF2](<https://www.ibm.com/support/pages/node/6454449> \"IBM Tivoli Business Service Manager 6.2.0.3 IF2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-07T05:55:47", "type": "ibm", "title": "Security Bulletin: Multiple Apache Commons FileUpload vulnerabilities affects IBM Tivoli Business Service Manager (CVE-2014-0034, CVE-2014-0050, CVE-2013-2186, CVE-2016-3092)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2186", "CVE-2014-0034", "CVE-2014-0050", "CVE-2016-3092"], "modified": "2021-11-07T05:55:47", "id": "40AF05CBD3BBA604933F6C61D164EE39373BD16E9C951A8CF9EE0D2970B196AB", "href": "https://www.ibm.com/support/pages/node/6514385", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:45:25", "description": "## Summary\n\nMultiple vulnerabilities in Apache Commons FileUpload used by IBM InfoSphere Information Server was addressed.\n\n## Vulnerability Details\n\n**CVEID**: _[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>)_ \n**DESCRIPTION**: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID**: _[CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)_ \n**DESCRIPTION**: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 11.3, 11.5, and 11.7 \nIBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7 \n\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR61031](<http://www.ibm.com/support/docview.wss?uid=swg1JR61031>)\n\n| \n\n\\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310>) \n\\--Apply InfoSphere Information Server [11.7.1.0 Service Pack 1](<http://www.ibm.com/support/docview.wss?uid=ibm10957209>) \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.5\n\n| \n\n[JR61031](<http://www.ibm.com/support/docview.wss?uid=swg1JR61031>)\n\n| \n\n\\--Apply InfoSphere Information Server version [11.5.0.2](<http://www.ibm.com/support/docview.wss?uid=swg24043666>) \n\\--Apply InfoSphere Information Server [11.5.0.2 Service Pack 6](<https://www-01.ibm.com/support/docview.wss?uid=ibm10957521>) \n \nInfoSphere Information Server\n\n| \n\n11.3\n\n| \n\n[JR61031](<http://www.ibm.com/support/docview.wss?uid=swg1JR61031>)\n\n| \n\n\\--Upgrade to a release where this issue is fixed. \n \n \n_For Information Server 11.3, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n** Contact Technical Support:** \nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-11T20:55:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031", "CVE-2016-3092"], "modified": "2019-07-11T20:55:02", "id": "EFAFEB4BBDCD09CB8092BF34BF1DF6E8940256BA8189C4734656E48E9BEAB09A", "href": "https://www.ibm.com/support/pages/node/880173", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-07T13:55:06", "description": "## Summary\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions - Transaction Tracking has addressed the following xalan-2.7.1.jar vulnerability and updated xalan.jar from version 2.7.0 to 2.7.3\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-34169](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) \n**DESCRIPTION: **The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2014-0107](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) \n**DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92023](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nITCAM for Transactions | 7.4.0.2 \n \n## Remediation/Fixes\n\nITCAM for Transaction Tracking 7.4.0.2 IFix 22 - [7.4.0.2-TIV-CAMTT-IF0022](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMTT-IF0022&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-08-30T15:28:39", "type": "ibm", "title": "Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2022-34169, CVE-2014-0107 found in xalan-2.7.1.jar and its previous versions", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107", "CVE-2022-34169"], "modified": "2023-08-30T15:28:39", "id": "EE7D5FC311EDDD74400E79AAECF24A3DE3AC29BFEC231105E6C6DB7D45D4329F", "href": "https://www.ibm.com/support/pages/node/7029836", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:52", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nQRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2 \n\nQRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11\n\n## Remediation/Fixes\n\n[_QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180327211425&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n[_QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20180416164940&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T22:06:30", "type": "ibm", "title": "Security Bulletin: QRadar SIEM contains vulnerable components and libraries. (CVE-2014-0050, CVE-2016-3092)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050", "CVE-2016-3092"], "modified": "2018-06-16T22:06:30", "id": "9AEA0427FF2CD82F2B2209106517091DB3152CD2629B4BE8F83D8DC005BD43D1", "href": "https://www.ibm.com/support/pages/node/570031", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:41:36", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearCase, ClearCase Remote Client (CCRC) WAN server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x:**\n\n \nThis vulnerability only applies to the CCRC WAN server component, and only for certain levels of WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x| IBM WebSphere Application Server 8.0, 8.5 and 9.0.| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \n\n\n**ClearCase Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x| \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Identify the latest available fix (per the bulletin listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n_For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-07-10T08:34:12", "id": "D2C2FAA59189FC355096429F31F4AD0BE546851207D1F9D74226059031643143", "href": "https://www.ibm.com/support/pages/node/305265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:10", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<https://www-01.ibm.com/support/docview.wss?uid=swg22011428>) for vulnerability details and information about fix.\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by Websphere Application Server which is/are shipped with Predictive Customer Intelligence. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [](<http://http://www-01.ibm.com/support/docview.wss?uid=swg22011428>)[Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T20:13:10", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-16T20:13:10", "id": "95CD62FEDAEA72A3108F90B80812DA1D38B9D58498C1F872BB283E27B2E4A609", "href": "https://www.ibm.com/support/pages/node/305219", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:41", "description": "## Summary\n\nIBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation has addressed the following security vulnerability. \n \nAbility to execute remote attacker\u2019s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload library. The affected \u201cApache Commons FileUpload\u201d has been upgraded to the fixed version v1.3.3. \n \nFor more information please refer to the X-Force database entries referenced below.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM FileNet Content Manager 5.2.1, 5.5.0 \nIBM Content Foundation 5.2.1, 5.5.0 \nIBM Case Foundation 5.2.1, 5.3.0\n\n## Remediation/Fixes\n\nTo address this vulnerability install one of the fixes listed below to upgrade to Apache Commons FileUpload v1.3.3 or higher. \n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager / Content Foundation| 5.2.1 \n5.5.0| [PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>) \n[PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>)| [5.2.1.7-P8CPE-ALL-LA008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.2.1.8&platform=All&function=all>) \\- 1/15/2018 \n[5.5.0.0-P8CPE-ALL-LA001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.5.0.0&platform=All&function=all>) \\- 1/15/2018 \nCase Foundation| 5.2.1 \n5.3.0| [PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>) \n[PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>)| [5.2.1.7-P8CPE-ALL-LA008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.2.1.8&platform=All&function=all>) \\- 1/15/2018 \n[5.5.0.0-P8CPE-ALL-LA001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.5.0.0&platform=All&function=all>) \\- 1/15/2018 \n \nIn the above table, the APAR links will provide more information about the fix \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:02", "type": "ibm", "title": "Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker\u2019s arbitrary code on a target machine vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:02", "id": "9CEBA1B39CCB6811A505F9227D3A8589890E3374E0755D8A3C0854B9E7E74B4F", "href": "https://www.ibm.com/support/pages/node/300149", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T20:32:04", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Apache Commons FileUpload, as used in IBM Websphere Liberty and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVE. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Spectrum Control 5.2.8 through 5.2.15.2 \nTivoli Storage Productivity Center 5.2.0 through 5.2.7.1 \n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control (formerly Tivoli Storage Productivity Center) fix maintenance for each named product. Follow the link below, select the correct product version. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable. \n \n_Starting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control._\n\n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n \n \n**_IBM Spectrum Control 5.2.x and Tivoli Storage Productivity Center 5.2.x_** \n \n**Release**| **First Fixing VRM Level**| **Link to Fix/Fix Availability Target** \n---|---|--- \n5.2.x| 5.2.16| [_http://www.ibm.com/support/docview.wss?uid=swg21320822_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T19:27:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-02-22T19:27:34", "id": "245FEAF3E7F9444B5958781DC69E3F6A353E5088DBEDBC2BC099CD2EDEC0625E", "href": "https://www.ibm.com/support/pages/node/305113", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:29", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses the Apache Commons FileUpload Library. Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n_CVSS Base Score: 9.8 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/117957__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)_\n\n## Affected Products and Versions\n\nIBM C\u00faram Social Program Management 7.0.2.0 - 7.0.2.0 \nIBM C\u00faram Social Program Management 7.0.0.0 - 7.0.1.1 \nIBM C\u00faram Social Program Management 6.2.0.0 - 6.2.0.6 \nIBM C\u00faram Social Program Management 6.1.0.0 - 6.1.1.6 \nIBM C\u00faram Social Program Management 6.0.5.0 - 6.0.5.10\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| _Remediation/First Fix_ \n---|---|--- \nIBM C\u00faram Social Program Management| 7.0.2| Visit IBM Fix Central and upgrade to [_7.0.2.0_iFix1_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.2.0&platform=All&function=all>) or a subsequent 7.0.2 release \nIBM C\u00faram Social Program Management| 7.0| Visit IBM Fix Central and upgrade to [_7.0.1.1_iFix3_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.1.1&platform=All&function=all>) or a subsequent 7.0.1 release \nIBM C\u00faram Social Program Management| 6.2| Visit IBM Fix Central and upgrade to [_6.2.0.6_iFix1_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.2.0.6&platform=All&function=all>) or a subsequent 6.2.0 release \nIBM C\u00faram Social Program Management| 6.1| Visit IBM Fix Central and upgrade to [_6.1.1.6_iFix1_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.1.1.6&platform=All&function=all>) or a subsequent 6.1.1 release \nIBM C\u00faram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to [_6.0.5.10 iFix3_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.0.5.10&platform=All&function=all>) or a subsequent 6.0.5 release \n \n## Workarounds and Mitigations\n\nFor information on all other versions please contact C\u00faram Customer Support.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T13:09:54", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM C\u00faram Social Program Management (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T13:09:54", "id": "B30027B67E0900B9C9192B0EB28EA6D42DDFB696208646582631F912C14CE66F", "href": "https://www.ibm.com/support/pages/node/302599", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:53", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload affects IBM Spectrum Protect\u2122 Plus. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Spectrum Protect Plus 10.1.0. and 10.1.1. \n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect Plus Release_**\n\n| **_First Fixing \nVRM Level_**| **_Platform_**| **_Link to Fix / Fix Availability Target_** \n \n---|---|---|--- \n10.1| 10.1.1 patch1| Linux| <http://www.ibm.com/support/docview.wss?uid=swg24044571> \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:52", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Spectrum Protect Plus (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:52", "id": "987312D6FC46CA3F269FCE6582D23DFEE688D79E6FE8D1293ED88A90F27657C7", "href": "https://www.ibm.com/support/pages/node/571637", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:43", "description": "## Summary\n\nA security vulnerability relating to remote code execution CVE-2016-1000031 has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Commons FileUpload version that is vulnerable to these issues is included in several past versions of IBM Platform Symphony. Commons FileUpload 1.3.3 addresses this vulnerability and can be applied through the manual steps detailed in the Remediation section.\n\n## Vulnerability Details\n\n**CVEID:** CVE-2016-1000031 \n\n**DESCRIPTION:** A vulnerability in IBM Spectrum Symphony and IBM Platform Symphony could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n\n**CVSS V3 Base Score:** **7.5 HIGH**\n\n**CVSS V3 Vector:** [_CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H_](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-1000031&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>) ([_legend_](<https://nvd.nist.gov/vuln-metrics/cvss>)) \n\n**CVSS V3 Impact Score:** 5.9 \n\n**CVSS V3 Exploitability Score:** 3.9\n\n## Affected Products and Versions\n\nIBM Platform Symphony **6.1.1, 7.1 Fix Pack 1**, and** 7.1.1**,** **and** **IBM Spectrum Symphony** 7.1.2** and **7.2**. All OS editions, including Linux and Windows, are affected. The remediation steps for Linux are provided in this document.** **For Windows, use the Linux steps as a reference and find the correct path for patching.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\n\u00b7 **For IBM Platform Symphony 6.1.1, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/\n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/1.2.8/lib/commons-fileupload-*.jar /tmp/guibackup \n> mv $EGO_TOP/perf/1.2.8/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/1.2.8/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/1.2.8/lib/\n\n1.5 On each management host, clean up the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI plc purger\n\n\u00b7 **For IBM Platform Symphony 7.1 Fix Pack 1, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/\n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.1/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.1/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.1/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.1/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/\n\n1.5 On each management host, clean up the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI plc purger\n\n\u00b7 **For IBM Platform Symphony 7.1.1, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI ascd REST plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.3/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/commons-fileupload-*.jar \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/soam/7.1.1/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n> rm $EGO_TOP/asc/1.1.1/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.3/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.3/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.3/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/soam/7.1.1/deploymentrest/WEB-INF/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/asc/1.1.1/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI REST ascd plc purger\n\n\u00b7 **For IBM Spectrum Symphony 7.1.2, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI REST plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.4/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.4/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.4/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.4/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.4/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.4/deploymentrest/WEB-INF/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI REST plc purger\n\n\u00b7 **For IBM Spectrum Symphony 7.1.2 multi cluster, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/2.0/lib/commons-fileupload-*.jar /tmp/guibackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/gui/apps/2.0/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI\n\n\u00b7 **For IBM Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2 multi-head cluster, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location: \n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services: \n\n> egosh service stop WEBGUI REST plc purger \n\n1.3 For backup purposes, move the following files, which will be replaced by new files: \n\n> mkdir -p /tmp/guibackup/ \n\n> mkdir -p /tmp/perfbackup/ \n\n> mv $EGO_TOP/gui/3.5/lib/commons-fileupload-*.jar /tmp/guibackup\n\n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar\n\n> mv $EGO_TOP/perf/3.5/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory: \n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz \n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.5/lib/ \n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.5/lib/ \n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/ \n\n1.5 On each management host, clean up the GUI work directories: \n\n> rm -rf $EGO_TOP/gui/work/* \n\n> rm -rf $EGO_TOP/gui/workarea/* \n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory. \n\n1.6 Launch a web browser and clear your browser cache. \n\n1.7 Start the following services: \n\n> egosh service start WEBGUI REST plc purger\n\n\u00b7 **For IBM Spectrum Symphony 7.2, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI REST plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.6/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.6/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.6/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.6/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.6/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.6/deploymentrest/WEB-INF/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI REST plc purger\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:38:58", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-18T01:38:58", "id": "28CBA14F2DF9254C1445C1338480DCFC0CE9E7605EA9BC20FEE2942EF21E34C9", "href": "https://www.ibm.com/support/pages/node/632641", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:28", "description": "## Summary\n\nAsset Analyzer (RAA) has addressed the following vulnerability. Open Source Commons FileUpload Apache Vulnerabilities \n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n**Affected Asset Analyzer (RAA)**\n\n| \n\n**Affected Versions** \n \n---|--- \nRational Asset Analyzer| 6.1.0.16 and previous \n. \n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nRational Asset Analyzer| 6.1.0.17| \\--| <http://www-01.ibm.com/support/docview.wss?uid=swg27021389> \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer (RAA) is affected by an \nOpen Source Commons FileUpload Apache vulnerability.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-08-03T04:23:43", "id": "681418AA2780D10FE3FE75923CF33BFCB1F9F3C8FD6FEF47FC5127CBC92BB2A5", "href": "https://www.ibm.com/support/pages/node/571363", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:05", "description": "## Summary\n\nIBM Tivoli Netcool Impact has addressed the following vulnerability, Open Source Apache Commons FileUpload vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Tivoli Netcool Impact**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Tivoli Netcool Impact 6.1.0| 6.1.0.0~6.1.0.4 \nIBM Tivoli Netcool Impact 6.1.1| 6.1.1.0~6.1.1.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM Tivoli Netcool Impact 6.1.0| _6.1.0.4 IF1_| _None_| [IBM Tivoli Netcool Impact V6.1.0.4 Interim Fix 1](<http://www-01.ibm.com/support/docview.wss?uid=swg24044676>) \nIBM Tivoli Netcool Impact 6.1.1| _6.1.1.5 IF2_| _None_| [IBM Tivoli Netcool Impact V6.1.1.5 Interim Fix 2](<http://www-01.ibm.com/support/docview.wss?uid=swg24044700>) \n \n**Please also note the**** **[**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:50:43", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:50:43", "id": "ACE26206FFB4E9BFC947C91835F27A6EA2B5E8DF0FF6B0C69F358731D4D9C900", "href": "https://www.ibm.com/support/pages/node/568699", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:56", "description": "## Summary\n\nOpen Source Commons FileUpload Apache Vulnerabilities addressed by IBM Tivoli Composite Application Manager Agent for Application Diagnostics\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager for Application Diagnostics 7.1 and above\n\n## Remediation/Fixes\n\nThe recommended solution is to apply IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server 7.1 FixPack 4 IFix 2. The download link will be provided when it is available.\n\n## Workarounds and Mitigations\n\nThe following steps can be used to replace commons-fileupload-1.3.2.jar with commons-fileupload-1.3.3.jar in IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server: \n\n1\\. Login to the host where IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server Visualization Engine is installed (ITCAM for AD MSVE);\n\n2\\. Go to WAS_HOME/profiles/<MSVE profile>/installedApps/<MSVE cell>/ITCAM_Application.ear/octigate.web-ws51.war/WEB-INF/lib, replace commons-fileupload-1.3.2.jar with commons-fileupload-1.3.3.jar provided in this security bulletin;\n\n3\\. Restart MSVE's WebSphere server instance.\n\n![commons-fileupload-1.3.3.jar](/support/pages/system/files/support/swg/tivtech.nsf/0/dc19e8a79e05bf3d8525828800172a26/WorkaroundsMitigations/0.3E4.gif)commons-fileupload-1.3.3.jar\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:39", "type": "ibm", "title": "Security Bulletin: Open Source Commons FileUpload Apache Vulnerabilities (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:39", "id": "93AF3A0CB685837B7C985687A86604D2436D2B5919B3C105E801C3ADABAF8404", "href": "https://www.ibm.com/support/pages/node/570721", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:49:30", "description": "## Summary\n\nIBM Security Identity Manager (ISIM) has addressed the following vulnerability. Apache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Product Version** \n--- \nISIM 6.0 \n \n## Remediation/Fixes\n\nProduct | VRMF | Remediation \n---|---|--- \nISIM | 6.0 | [6.0.0-ISS-SIM-FP0020 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.0.0-ISS-SIM-FP0020&continue=1>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-31T02:56:18", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-07-31T02:56:18", "id": "FB50FC72D1ADF03C64135E473D71F8FDDDF0FBB202D69511A7EA94874CC168D1", "href": "https://www.ibm.com/support/pages/node/719413", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:42:17", "description": "## Summary\n\nSecurity vulnerability in Apache Commons FileUpload affects IBM Sterling B2B Integrator.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3\n\n## Remediation/Fixes\n\n**PRODUCT & Version **\n\n| \n\n**APAR**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \n \nIBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3\n\n| IT24069 | \n\nApply Fix Pack 5020603_6 available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Security Vulnerability in Apache Commons FileUpload Affects IBM Sterling B2B Integrator (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2020-02-05T00:53:36", "id": "6090C932221E51ADB229897A416B6CCCF4B92380897751F9E9E7D222C5B6F5AC", "href": "https://www.ibm.com/support/pages/node/717023", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T23:15:24", "description": "## Summary\n\nIBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. \n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Novell NetIQ Sentinel could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nThis vulnerability is known to affect the following offerings: \n \n\n\n**Affected IBM Initiate Master Data ****Management**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Initiate Master Data Service| \n\n10.1 \n \nIBM InfoSphere Master Data Management| \n\n11.0 \n \nIBM InfoSphere Master Data Management| \n\n11.3 \n \nIBM InfoSphere Master Data Management| \n\n11.4 \n \nIBM InfoSphere Master Data Management| \n\n11.5 \n \nIBM InfoSphere Master Data Management| \n\n11.6 \n \n## Remediation/Fixes\n\n**_Product_**** **\n\n| **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \nIBM Initiate Master Data Service | \n\n10.1\n\n| [_10.1.031518_IM_Initiate_MasterDataService_ALL_Refresh Pack_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=10.1&platform=All&function=fixId&fixids=10.1.031518_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.0\n\n| [_11.0.0.7-MDM-SAE-FP07IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.0.0.7-MDM-SAE-FP07IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.3\n\n| [_11.3.0.7-MDM-SE-AE-FP07IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.3.0.7-MDM-SE-AE-FP07IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.4\n\n| [_11.4.0.8-MDM-SAE-FP08IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.4.0.8-MDM-SAE-FP08IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.5\n\n| [_11.5.0.6-MDM-SE-AE-FP06IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.5.0.6-MDM-SAE-FP06IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.6\n\n| [_11.6.0.4-MDM-SE-AE _](<www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.6.0.4-MDM-SE-AE&source=SAR>)_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T09:58:00", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-04-27T09:58:00", "id": "77352C82A30EA733694B5D88C0D7D12ED4F6B39811776EF99E8E73A7C6CD693F", "href": "https://www.ibm.com/support/pages/node/301939", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:03:42", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest, ClearQuest CM Server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x:**\n\nThis vulnerability only applies to the server component, and only for certain levels of WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is shipped with IBM Rational ClearQuest. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x| IBM WebSphere Application Server 8.0, 8.5 and 9.0.| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \n**ClearQuest Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x \n8.0.1.x \n9.0.0.x \n9.0.1.x| \n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Identify the latest available fix (per the bulletin listed above) for the version of WAS used for CM server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n* 6 March 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nCVE-ID: CVE-2016-1000031 \nDescription: Novell NetIQ Sentinel could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F117957&data=02%7C01%7Cjohn.kohl%40hcl.com%7C59714a9853de4ba9a23408d5787db916%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636547403739164982&sdata=lQeayADkDigWY3db00Z4LZCyrzmQwEbZfGSRsSf2pMw%3D&reserved=0>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n[{\"Product\":{\"code\":\"SSSH5A\",\"label\":\"Rational ClearQuest\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.1.2;9.0.1.1;9.0.1;9.0.0.6;9.0.0.5;9.0.0.4;9.0.0.3;9.0.0.2;9.0.0.1;9.0;8.0.1.9;8.0.1.8;8.0.1.7;8.0.1.6;8.0.1.5;8.0.1.4;8.0.1.3;8.0.1.2;8.0.1.16;8.0.1.15;8.0.1.14;8.0.1.13;8.0.1.12;8.0.1.11;8.0.1.10;8.0.1.1;8.0.1;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.21;8.0.0.20;8.0.0.2;8.0.0.19;8.0.0.18;8.0.0.17;8.0.0.16;8.0.0.15;8.0.0.14;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:27:11", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T05:27:11", "id": "16DB31010331CDA102555C2016C4A080DD57DFC6949CFC06DB82104E0598F7E9", "href": "https://www.ibm.com/support/pages/node/567375", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:54", "description": "## Summary\n\nThere is a potential vulnerability in the Apache Commons FileUpload used by WebSphere Application Server traditional and WebSphere Application Server Liberty. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in several products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThese vulnerabilities affect all versions of Liberty for Java in IBM Bluemix up to and including v3.17.1.\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.18-20180213-1234 or higher, you must re-stage or re-push your application. \n \nTo find the current version of Liberty for Java in IBM Bluemix being used, from the command-line Cloud Foundry client by running the following commands: \n \n**cf ssh <appname> -c cat \"staging_info.yml\"** \n \nLook for the following lines: \n \n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-xxx, buildpack-v3.xxx, ibmjdk-1.8.0_xxx, env)\",\"start_command\":\".liberty/initial_startup.rb\"} \n \nTo re-stage your application using the command-line Cloud Foundry client, use the following command: \n \n**cf restage <appname>** \n \nTo re-push your application using the command-line Cloud Foundry client, use the following command: \n \n**cf push <appname>**\n\n## Workarounds and Mitigations\n\nnone\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 February 2018: Original document published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS4JBE\",\"label\":\"Liberty for Java for IBM Cloud\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:55", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:55", "id": "F4B9D71D3FABEC6658928AA2A337B66B863636EDAA889DCF19CDC196449826D5", "href": "https://www.ibm.com/support/pages/node/304719", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:28", "description": "## Summary\n\nApache Commons FileUpload library, located in commons-fileupload-1.2.2.jar that is installed with IBM Dynamic Workload Console, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Workload Dynamic Console 8.6.0 FP04 and earlier \nIBM Workload Dynamic Console 9.1.0 FP02 and earlier \nIBM Workload Dynamic Console 9.2.0 FP02 and earlier \nIBM Workload Dynamic Console 9.3.0 FP03 and earlier\n\n## Remediation/Fixes\n\nAPAR IJ02685 has been opened to address the FileUpload library vulnerability for IBM Dynamic Workload Console. \n\nThe apar will be fixed in the following fixpacks\n\n8.6.0-TIV-TWS-FP0005 \n9.1.0-TIV-TWS-FP0003 \n9.2.0-TIV-TWS-FP0003 \n9.3.0-TIV-TWS-FP0004 \n \nThe vulnerability has already been fixed in 9.4.0-TIV-TWS-FP0002.\n\nFor Unsupported releases IBM recommends upgrading to a fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nNot Applicable\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:48:07", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload library in IBM Workload Console can allow a remote attacker to execute arbitrary code on the system (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:48:07", "id": "FB301BD274079F5B2C88A19B0C86981A277D606738CBEB57758A65ED178BA0FC", "href": "https://www.ibm.com/support/pages/node/302269", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:06", "description": "## Summary\n\nThe DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in IBM WebSphere MQ Managed File Transfer, specifically the Web Gateway component, allows remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in IBM WebSphere MQ Managed File Transfer, specifically the Web Gateway component, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM WebSphere MQ v7.5.0.0 to v7.5.0.8 \n\nIBM WebSphere MQ v8.0.0.0 to v8.0.0.8\n\n## Remediation/Fixes\n\n**IBM WebSphere MQ v7.5.0.0 to v7.5.0.8**\n\nUpdate to, if not already, IBM WebSphere fix pack [7.5.0.8](<http://www-01.ibm.com/support/docview.wss?uid=swg22005413>) and then apply interim fix [7.5.0.8-WS-MQ-MFT-IT23627 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.5.0.8-WS-MQ-MFT-IT23627&continue=1>)\n\nI**BM WebSphere MQ v8.0.0.0 to v8.0.0.8**\n\nApply fix pack [ 8.0.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22015103>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:43", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ Managed File Transfer component (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:43", "id": "795D3F68D07925B1C9C765AAF8DA73C30C8A6490AD9D7941029C418A30C9FF2C", "href": "https://www.ibm.com/support/pages/node/301607", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:43", "description": "## Summary\n\nFileNet Content Management Interoperability Services (CMIS), which is shipped with IBM Content Navigator, has addressed the following vulnerability. \nAbility to execute remote attacker\u2019s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of FileUpload library\n\n## Vulnerability Details\n\n**CVEID**: [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>) \n \n**DESCRIPTION**: FileNet Content Management Interoperability Services (CMIS) could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. The affected \u201cCommons FileUpload\u201d version 1.3.2 has been upgraded to the fixed version 1.3.3 \n \nCVSS Base Score: 9.8 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Content Navigator 2.0.3.8 \nIBM Content Navigator 3.0 \nIBM Content Navigator 3.0.1 \nIBM Content Navigator 3.0.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Content Navigator | 2.0.3.8| Download the fix ICN 2.0.3 FP8 LA 15 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) ) \nIBM Content Navigator| 3.0| Download the fix ICN 3.0 LA 12 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \nIBM Content Navigator| 3.0.1| Download the fix ICN 3.0.1 LA 05 from IBM Fix central (<https://www.ibm.com/support/fixcentral/>) \nIBM Content Navigator| 3.0.2| Download the fix ICN 3.0.2 LA 02 from IBM Fix central (<https://www.ibm.com/support/fixcentral/>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:05", "type": "ibm", "title": "Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which is shipped with IBM Content navigator, is affected by the ability to execute remote attacker\u2019s arbitrary code on a target machine vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:05", "id": "3D06AFAAD22542FA483AAC68D77E91B7A2B272972D4F386444B504CB4050B732", "href": "https://www.ibm.com/support/pages/node/300819", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:31", "description": "## Summary\n\nA security vulnerability affects IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console and Watson Content Analytics.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe vulnerability applies to the following product and version: \n\n * Watson Explorer Analytical Components Version 11.0.0.0 - 11.0.0.3, 11.0.1.0, 11.0.2.0 - 11.0.2.1, Version 10.0.0.0 - 10.0.0.2\n * IBM Watson Explorer Foundational Components Annotation Administration Console Version 11.0.0.0 - 11.0.0.3, 11.0.1.0, 11.0.2.0 - 11.0.2.1, Version 10.0.0.0 - 10.0.0.2\n * Watson Content Analytics Version 3.5.0.0 - 3.5.0.4\n\n## Remediation/Fixes\n\nFor information about fixes, see the applicable row in the following table. The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at <http://www.ibm.com/support/fixcentral/>. \n \n\n\n**Affected Product**| **Affected Versions**| **Fix** \n---|---|--- \nWatson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.1| Upgrade to Watson Explorer Analytical Components Version 11.0.2.2. For information about this version, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \nWatson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| \n\n 1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<edition>-IF003** or later. (For example, **10.0.0.2-WS-WatsonExplorer-AE-IF003**.)\n 3. To install the fix, see [Watson Explorer Content Analytics: Interim Fix Readme](<https://www.ibm.com/support/docview.wss?uid=swg22011367>) . \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.1| Upgrade to Watson Explorer Foundational Components Annotation Administration Console Version 11.0.2.2. For information about this version, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044332>). For information about upgrading, see the [upgrade procedures](<http://www-01.ibm.com/support/docview.wss?uid=swg27048896>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.2| \n\n 1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039429>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<edition>-IF003** or later. (For example, **10.0.0.2-WS-WatsonExplorer-EE-IF003**.)\n 3. To install the fix, see [Watson Explorer Content Analytics: Interim Fix Readme](<https://www.ibm.com/support/docview.wss?uid=swg22011367>) . \nWatson Content Analytics| 3.5.0.0 - 3.5.0.4| \n\n 1. If not already installed, install Watson Content Analytics Version 3.5 Fix Pack 4 (see the Fix Pack [ ](<www.ibm.com/support/docview.wss?uid=swg24039429>)[download document](<http://www.ibm.com/support/docview.wss?uid=swg24042836>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **3.5.0.4-WT-WCA-IF001**.\n 3. To install the fix, see [Watson Explorer Content Analytics: Interim Fix Readme](<https://www.ibm.com/support/docview.wss?uid=swg22011367>) . \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T13:09:50", "type": "ibm", "title": "Security Bulletin: Vulnerability affects Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console and Watson Content Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T13:09:50", "id": "D5934C683F70DCBE4AED04C1CC98975A5321914D3F2282A47A2535F0FC4F1834", "href": "https://www.ibm.com/support/pages/node/300529", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:12", "description": "## Summary\n\nAn Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy.\n\n## Vulnerability Details\n\nCVEID: [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling Secure Proxy 3.4.3 through 3.4.3.0 iFix 5 \nIBM Sterling Secure Proxy 3.4.2 through 3.4.2.0 iFix 12\n\n## Remediation/Fixes\n\n**_Product_**\n\n| _VRMF_| _APAR_| _How to acquire fix_ \n---|---|---|--- \n_IBM Sterling Secure Proxy_| _3.4.3.0_| _IT23654_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \n_IBM Sterling Secure Proxy_| _3.4.2.0_| _IT23654_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-17T22:56:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-12-17T22:56:50", "id": "4FDDAEF0B75E77A06B8D7597974820AA398F5338DCF044E51EA0222441200F4A", "href": "https://www.ibm.com/support/pages/node/302739", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:38", "description": "## Summary\n\nJazz for Service Management (JazzSM) is affected by an Apache Commons FileUpload vulnerability. JazzSM has addressed this vulnerability\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** JazzSM could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nJazz for Service Management version 1.1.3\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Cumulative Patch Level \n---|--- \nJazz for Service Management version 1.1.3| Apache Commons FileUpload Vulnerability addressed with JazzSM 1.1.3 Cumulative Patch level 5 \n[1.1.3.0-TIV-JazzSM-DASH-Cumulative-Patch-0005 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=1.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:47:49", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:47:49", "id": "76322F4FDE913CCFF696E95021198B9D1B68711EA0FBA9EE3CF9E433336206FD", "href": "https://www.ibm.com/support/pages/node/300801", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T23:00:12", "description": "## Summary\n\nA vulnerability for Apache Commons FileUpload before 1.3.3 has been reported which allows a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * \n\\- IBM Business Process Manager V7.5.0.0 through V7.5.1.2\n\n\\- IBM Business Process Manager V8.0.0.0 through V8.0.1.3\n\n\\- IBM Business Process Manager V8.5.0.0 through V8.5.0.2\n\n\\- IBM Business Process Manager V8.5.5.0\n\n\\- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2\n\n\\- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06\n\n\\- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03\n\n\\- IBM Business Automation Worfklow V18.0.0.0\n\n\\- IBM Business Process Manager Enterprise Service Bus V8.6.0.0\n\n\\- WebSphere Enterprise Service Bus V7.0.0.0 through V7.0.0.5\n\n\\- WebSphere Enterprise Service Bus Registry Edition V7.0.0.0 through V7.0.0.5\n\n\\- WebSphere Enterprise Service Bus V7.5.0.0 through V7.5.1.2\n\n\\- WebSphere Enterprise Service Bus Registry Edition V7.5.0.0 through V7.5.1.2\n\n\\- WebSphere Process Server V7.0.0.0 through V7.0.0.5\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR [JR58572](<http://www-01.ibm.com/support/docview.wss?uid=swg1JR58572>)[ ](<https://www.ibm.com/support/docview.wss?uid=swg1JR58611>)as soon as practical:\n\n * [IBM Business Automation Workflow](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR58572>)\n * WebSphere Process Server\n * WebSphere Enterprise Service Bus (including WESB Registry Edition)\n\n \nIBM Business Process Manager also needs [JR58611](<http://www-01.ibm.com/support/docview.wss?uid=swg1JR58611>):\n\n * [IBM Business Process Manager](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager&release=All&platform=All&function=aparId&apars=JR58611>) (including IBM BPM ESB)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR58611>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR58611>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR58611>)\n\nWebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Please consult the security bulletin\n\n * [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428&myns=swgws&mynp=OCSSEQTP&mync=E&cm_sp=swgws-_-OCSSEQTP-_-E>)\n\nfor vulnerability details and information about fixes for WebSphere Application Server and WebSphere Application Server Liberty. \n \nBecause IBM Business Process Manager V7.5, V8.0 and WebSphere Process Server V7.0 are out of general support, fixes for V7.0, V7.5, V8.0 for these products and WebSphere Enterprise Service Bus V7.0 and V7.5 and WebSphere Enterprise Service Bus Registry Edition V7.0 and V7.5 can be requested from IBM support by eligible customers.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T19:29:07", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload might affect IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-09-15T19:29:07", "id": "3029F9535BE20D2A199498B065F599F47A44CCD33B224D2192F5AE06C62BEDAF", "href": "https://www.ibm.com/support/pages/node/298533", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-11T17:45:11", "description": "## Summary\n\nIBM UrbanCode Release 6.2.5.11 addresses multiple vulnerablities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCR - IBM UrbanCode Release| 6.2.x - 6.2.5.8 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Release 6.2.5.11 or above.\n\n**Affected Supporting Product(s)**\n\n| \n\n**Remediation/Fix** \n \n---|--- \n \nIBM UrbanCode Release 6.2.x - 6.2.5.8\n\n| \n\n[Download ](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FUrbanCode+Release&fixids=6.2.5.11-UrbanCode-Release&source=SAR> \"Download\" )IBM UrbanCode Release 6.2.5.11 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-19T14:54:34", "type": "ibm", "title": "Security Bulletin: IBM UrbanCode Release 6.2.5.11 addresses multiple vulnerablities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-10-19T14:54:34", "id": "753750D99E84195C92FDB4519B938F223622C78B3BC3235E7F42F101031B017D", "href": "https://www.ibm.com/support/pages/node/7053627", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:54:54", "description": "## Summary\n\nThere is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server Liberty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.5.3 \nLog Analysis| 1.3.6.x \nLog Analysis| 1.3.7.x \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s):| Fix details: \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.5.3, 1.3.6.x and 1.3.7.x| For Log Analysis 1.3.5.3 to 1.3.7.2, upgrade the liberty version to [WebSphere Application Server Liberty 23.0.0.4](<https://www.ibm.com/support/pages/node/6984197>) (use wlp-core-all-23.0.0.4.jar) by following these [steps](<https://www.ibm.com/support/pages/node/6498029>). \nRef: [Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload](<https://www.ibm.com/support/pages/node/6982047>) (CVE-2023-24998) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-10T14:42:12", "type": "ibm", "title": "Security Bulletin: Denial of Service in Apache Commons used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-05-10T14:42:12", "id": "90F2E87CAB28D12C60942E0019A52F68E90731BBDF37587BAB21828E95F4FECB", "href": "https://www.ibm.com/support/pages/node/6989427", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:55:16", "description": "## Summary\n\nCVE-2023-24998 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 10.1 \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nProduct| Version| Platform| Remediation / Fix \n---|---|---|--- \nIBM CICS TX Advanced| \n\n10.1\n\n| Linux| [Fix Central Link](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-docker-image-10.1.0.0-ifix16&source=SAR>) \nIBM CICS TX Advanced| \n\n11.1\n\n| Linux| [Fix Central Link](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix9&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-05T12:40:29", "type": "ibm", "title": "Security Bulletin: CVE-2023-24998 may affect IBM CICS TX Advanced", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-05-05T12:40:29", "id": "147971FE5C036CD088B119D138AB1319139982977746AC6CC71DFCD52A6A4C7A", "href": "https://www.ibm.com/support/pages/node/6988527", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:56:54", "description": "## Summary\n\nApp Connect Professional have addressed the following vulnerabilities reported in Apache Tomcat.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Professional| v7.5.5.0 \n \n\n\n## Remediation/Fixes\n\nApp Connect Professional| 7.5.5.0| LI82930| [7550 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.5.0&platform=All&function=fixId&fixids=7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.builtDockerImage,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.docker,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.vcrypt2,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.sc-linux,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.32bit.sc-linux,7.5.5.0-WS-ACP-20230328-1650_H8_64-CUMUIFIX-019.studio,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.ova,7.5.5.0-WS-ACP-20230328-1650_H8_64-CUMUIFIX-019.32bit.studio,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.32bit.sc-win,7.5.5.0-WS-ACP-20230328-1650_H31_64-CUMUIFIX-019.sc-win,&includeSupersedes=0> \"7550 Fixcentral link\" ) \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-18T19:38:14", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-04-18T19:38:14", "id": "16870C7D678B41BE58729B97907A8C3CF47C8E29D68373A23DE169E331EAFA48", "href": "https://www.ibm.com/support/pages/node/6984431", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:57:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3.x \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)](<https://www.ibm.com/support/pages/node/6982047> \"Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload \$CVE-2023-24998\$\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-19T00:05:40", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-04-19T00:05:40", "id": "298EFC710D957A9290FACEB55B19B914046C39A7C201E511611F8F02DBCACB15", "href": "https://www.ibm.com/support/pages/node/6984675", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:54:38", "description": "## Summary\n\nIBM Business Automation Workflow packages a vulnerable copy of Apache commons-fileupload in its /BPM/Lombardi/lib directory.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s)| Status \n---|---|--- \nIBM Business Automation Workflow containers| \n\nV22.0.2 - V22.0.2.IF003 \nV22.0.1 all fixes \nV21.0.3 - V21.0.3-IF019 \nV21.0.2 all fixes \nV20.0.0.2 all fixes \nV20.0.0.1 all fixes\n\n| affected \nIBM Business Automation Workflow traditional| V22.0.1 - V22.0.2 \nV21.0.1 - V21.0.3.1 \nV20.0.0.1 - V20.0.0.2 \nV19.0.0.1 - V19.0.0.3| affected \nIBM Business Automation Workflow Enterprise Service Bus| V22.0.2| affected \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR [DT197974](<https://www.ibm.com/mysupport/aCI3p000000LDrI> \"DT197974\" ) as soon as practical.\n\nAffected Product(s)| Version(s)| Remediation / Fix \n---|---|--- \nIBM Business Automation Workflow containers| V22.0.2| Apply [22.0.2-IF004](<https://www.ibm.com/support/pages/node/6608102> \"22.0.2-IF004\" ) \nIBM Business Automation Workflow containers| V22.0.1| Upgrade to Business Automation Workflow on Containers 22.0.2 and apply [22.0.2-IF004](<https://www.ibm.com/support/pages/node/6608102> \"22.0.2-IF004\" ) \nIBM Business Automation Workflow containers| V21.0.3| Apply [21.0.3-IF020](<https://www.ibm.com/support/pages/node/6574109> \"21.0.3-IF020\" ) \nor upgrade to [22.0.2-IF004](<https://www.ibm.com/support/pages/node/6608102> \"22.0.2-IF004\" ) or later \nIBM Business Automation Workflow containers| V21.0.2 \nV20.0.0.1 - V20.0.0.2| Upgrade to [21.0.3-IF020](<https://www.ibm.com/support/pages/node/6574109> \"21.0.3-IF020\" ) \nor upgrade to [22.0.2-IF004](<https://www.ibm.com/support/pages/node/6608102> \"22.0.2-IF004\" ) or later \nIBM Business Automation Workflow traditional and IBM Business Automation Workflow Enterprise Service Bus| V22.0.2| Apply [DT197974](<https://www.ibm.com/mysupport/aCI3p000000LDrI> \"DT197974\" ) \nIBM Business Automation Workflow traditional| V21.0.3.1| Apply [DT197974](<https://www.ibm.com/mysupport/aCI3p000000LDrI> \"DT197974\" ) \nor upgrade to [IBM Business Automation Workflow traditional V22.0.2](<https://www.ibm.com/support/pages/node/6830489> \"IBM Business Automation Workflow traditional V22.0.2\" ) and apply [DT197974](<https://www.ibm.com/mysupport/aCI3p000000LDrI> \"DT197974\" ) \nIBM Business Automation Workflow traditional| V20.0.0.2| Apply [DT197974](<https://www.ibm.com/mysupport/aCI3p000000LDrI> \"DT197974\" ) \nor upgrade to [IBM Business Automation Workflow traditional V22.0.2](<https://www.ibm.com/support/pages/node/6830489> \"IBM Business Automation Workflow traditional V22.0.2\" ) and apply [DT197974](<https://www.ibm.com/mysupport/aCI3p000000LDrI> \"DT197974\" ) \nIBM Business Automation Workflow traditional| V22.0.1 \nV21.0.2 \nV20.0.0.1 \nV19.0.0.3| Upgrade to a long term support release or the latest SSCD version. See [IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum](<https://www.ibm.com/support/pages/ibm-business-automation-workflow-and-ibm-integration-designer-software-support-lifecycle-addendum> \"IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-15T17:19:49", "type": "ibm", "title": "Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-05-15T17:19:49", "id": "2922A3214BA6B1F2389D0599A3D1B88E8927FF0E60EE84B2531CF4E40C5EB5B2", "href": "https://www.ibm.com/support/pages/node/6987131", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:53:55", "description": "## Summary\n\nIBM Websphere\u00ae Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version (19.0.0.5) that is packaged with the MobileFirst Platform is impacted by the vulnerability described in CVE-2023-24998.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MobileFirst Foundation| 8.0.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)** | \n\n**Version Number(s) and/or range**\n\n| \n\n**Remediation/Fix/Instructions** \n \n---|---|--- \n \nIBM MobileFirst Platform\n\n| \n\n8.0.0.0\n\n| \n\nFix build 8.0.0.0-MFPF-IF202304111626 build includes Liberty upgrade to version 23.0.0.1 (PH54031).\n\nPlease download from [Fix Central](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FOther%20software&product=ibm/Other+software/IBM+MobileFirst+Platform+Foundation&release=All&platform=All&function=fixId&fixids=8.0.0.0-MFPF-IF202304111626&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=dbluesearch&mhsrc=ibmsearch_a&mhq=IF202304111626&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-22T19:32:30", "type": "ibm", "title": "Security Bulletin: IBM\u00ae MobileFirst Platform is vulnerable to CVE-2023-24998", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-05-22T19:32:30", "id": "F635FFE721BC997985018B42B724BE4FEDE2E1F9F930A39573A5A1002F559401", "href": "https://www.ibm.com/support/pages/node/6997293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:58:12", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server V8.5 and V9 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)](<https://www.ibm.com/support/pages/node/6982047>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-04-13T02:16:48", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-04-13T02:16:48", "id": "4ABA2F40482D1BB4F7BCCBA50D5313C680D48BC0DA01540779A532AC16B13A71", "href": "https://www.ibm.com/support/pages/node/6983456", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:52:25", "description": "## Summary\n\nThere is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could allow a remote attacker to cause a denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Storage Scale| 5.1.0.0 - 5.1.2.10 \nIBM Storage Scale| 5.1.3.0 - 5.1.7.1 \n \n\n\n## Remediation/Fixes\n\nFor IBM Spectrum Scale V5.1.0.0 through V5.1.2.10, apply V5.1.2.11 available from FixCentral at: \n \n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all>)\n\n \nFor IBM Spectrum Scale V5.1.3.0 through V5.1.7.1, apply V5.1.8.0 available from FixCentral at: \n \n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.8&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.8&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-15T11:56:59", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-06-15T11:56:59", "id": "0F341A737C01B76C91936E371046C0B10C0B07790BE0C7AC799425ECE59E1C15", "href": "https://www.ibm.com/support/pages/node/7004199", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:48:49", "description": "## Summary\n\nThe commons-fileupload package is used by IBM Cloud Pak for Data System 1.0 . IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-24998].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Data System 1.0| 1.0.0.0-1.0.8.1 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Pak for Data System 1.0| 1.0.8.2| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=1.0.8.2-WS-ICPDS-fp235&product=ibm%2FWebSphere%2FIBM%20Cloud%20Private%20for%20Data%20System&source=dbluesearch&mhsrc=ibmsearch_a&mhq=1%26period%3B0%26period%3B8%26period%3B2&function=fixId&parent=ibm/WebSphere>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-31T11:14:59", "type": "ibm", "title": "Security Bulletin: Vulnerability in commons-fileupload affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-24998]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-07-31T11:14:59", "id": "34B76136C2EA2661CCC8207EF108E1C0F779F66F6576FF55C69EE28064801260", "href": "https://www.ibm.com/support/pages/node/7015811", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:52:06", "description": "## Summary\n\nVulnerability in Apache Commons FileUpload allows denial of service, caused by not limit the number of request, may affect IBM Spectrum Control.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Control| 5.4 \n \n## Remediation/Fixes\n\n**Release**| **First Fixing** \n**VRM Level**| **Link to Fix** \n---|---|--- \n5.4| 5.4.10.1| **<https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-23T10:36:10", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Commons FileUpload", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-06-23T10:36:10", "id": "442F8F54FC3C1B6C71C1B31769670C098381116E6549674B856D74B582257135", "href": "https://www.ibm.com/support/pages/node/7004913", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-21T17:45:14", "description": "## Summary\n\nIBM Sterling B2B Integrator uses Apache Commons FileUpload.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.8 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.1.4 and 6.1.2.0 - 6.1.2.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**| **Version**| **APAR**| **Remediation & Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.8| IT43908| Apply 6.0.3.9 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.1.4 and 6.1.2.0 - 6.1.2.2| IT43908| Apply 6.1.0.8, 6.1.2.3 or 6.2.0.0 \n \nThe IIM versions of 6.0.3.9, 6.1.0.8 and 6.1.2.3 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). The IIM version of 6.2.0.0 is available on Passport Advantage\n\nThe container version of 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-21T16:44:13", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-11-21T16:44:13", "id": "4466AD26CE307CB6A498616A187AEFD6CA52B02D288C758691B19D45DC949F08", "href": "https://www.ibm.com/support/pages/node/7080176", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:50:25", "description": "## Summary\n\nApache Commons FileUpload is used by IBM Content Navigator as part of the file upload functionailty. CVE-2023-24998.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Content Navigator| 3.0.13 IF002 \nIBM Content Navigator| 3.0.12 IF006 \nIBM Content Navigator| 3.0.11 IF009 \n \n## Remediation/Fixes\n\n**Affected Product(s)**| **Version(s)**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Content Navigator| 3.0.13 IF003| Download [3.0.13 IF003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Content+Navigator&release=3.0.13&platform=All&function=fixId&fixids=3.0.13.0-ICN-IF003-AIX,+3.0.13.0-ICN-IF003-Linux,+3.0.13.0-ICN-IF003-WIN,+3.0.13.0-ICN-IF003-zLinux,+3.0.13-ICNSP-IF003-WIN&includeSupersedes=0> \"ICN 3.0.13 IF003\" ) and follow [instructions](<https://download4.boulder.ibm.com/sar/CMA/OSA/0bftd/0/icn_3.0.13.0_ifix003_readme.htm> \"ICN 3.0.13 IF003 Instructions\" ) \nIBM Content Navigator| 3.0.12 IF007| Download [3.0.12 IF007](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Content+Navigator&release=3.0.12&platform=All&function=fixId&fixids=3.0.12.0-ICN-IF007-AIX,3.0.12.0-ICN-IF007-WIN,3.0.12.0-ICN-IF007-Linux,3.0.12.0-ICN-IF007-zLinux,3.0.12-ICNSP-IF007-WIN&includeSupersedes=0> \"Download 3.0.12 IF007\" ) and follow [Instructions](<https://download4.boulder.ibm.com/sar/CMA/OSA/0bib1/0/icn_3.0.12.0_ifix007_readme.htm> \"ICN 3.0.12 IF007 Instructions\" ) \nIBM Content Navigator| 3.0.11 IF010| Download [3.0.11 IF010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Content+Navigator&release=3.0.11&platform=All&function=fixId&fixids=3.0.11-ICNSP-IF010-WIN,3.0.11-NMO-IF010-WIN,3.0.11.0-ICN-IF010-WIN,3.0.11.0-ICN-IF010-AIX,3.0.11.0-ICN-IF010-Linux,3.0.11.0-ICN-IF010-zLinux&includeSupersedes=0> \"3.0.11 IF010\" ) and follow [instructions](<https://download4.boulder.ibm.com/sar/CMA/OSA/0b0v4/1/icn_3.0.11.0_ifix008_readme.htm> \"ICN 3.0.11 IF008 Instructions\" ) \n \n## Workarounds and Mitigations\n\nNo action required.\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-05T21:10:31", "type": "ibm", "title": "Security Bulletin: IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-07-05T21:10:31", "id": "2D12734997CB01FAC16AF70A7A7B6B7C873EFDAF53434FADBE8395F35152ACEF", "href": "https://www.ibm.com/support/pages/node/7002807", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T17:51:30", "description": "## Summary\n\nA denial of service issue was identified in IBM WebSphere Application Server Liberty due to Apache Commons FileUpload, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n**DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.1 LTS \nIBM MQ | 9.2 LTS \nIBM MQ | 9.3 LTS \nIBM MQ | 9.2 CD \nIBM MQ | 9.3 CD \n \nThe following installable MQ components are affected by the vulnerability: \n \n\\- REST API and Console \n \nIf you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>\n\n## Remediation/Fixes\n\nThis issue was resolved under APAR IT43717 \n\n**IBM MQ 9.1 LTS**\n\n[Apply cumulative security update 9.1.0.16](<https://www.ibm.com/support/pages/downloading-ibm-mq-91016-lts-csu>)\n\n**IBM MQ 9.2 LTS**\n\n[Apply fix pack 9.2.0.15](<https://www.ibm.com/support/pages/downloading-ibm-mq-92015-fix-pack>)\n\n**IBM MQ 9.3 LTS**\n\n[Apply cumulative security update 9.3.0.6](<https://www.ibm.com/support/pages/downloading-ibm-mq-9306-lts-csu>)\n\n**IBM MQ 9.2 CD and 9.3 CD**\n\n[Upgrade to IBM MQ Version 9.3.3](<https://www.ibm.com/support/pages/downloading-ibm-mq-933-continuous-delivery>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-28T18:57:00", "type": "ibm", "title": "Security Bulletin: IBM MQ is affected by an issue in IBM WebSphere Application Server Liberty (CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-06-28T18:57:00", "id": "4DBA44304F47EF7ECE45895A39B792969DF13B68A2A2E0E0856148D8E2EB5060", "href": "https://www.ibm.com/support/pages/node/7007425", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:50:55", "description": "## Summary\n\nIBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/90987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90987>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2010-5312](<https://vulners.com/cve/CVE-2010-5312>) \n** DESCRIPTION: **jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the title parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/98696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98696>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6708](<https://vulners.com/cve/CVE-2012-6708>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remote attacker could exploit this vulnerability using the to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2015-9251](<https://vulners.com/cve/CVE-2015-9251>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-7103](<https://vulners.com/cve/CVE-2016-7103>) \n** DESCRIPTION: **jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dialog function. A remote attacker could exploit this vulnerability using the 'closeText' parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-11358](<https://vulners.com/cve/CVE-2019-11358>) \n** DESCRIPTION: **jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2011-4969](<https://vulners.com/cve/CVE-2011-4969>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when handling the \"location.hash\" property. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/82875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82875>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM VA| 7.0.2 \nISIM VA| 7.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **Remediation** \n---|---|--- \n \nIBM Security Identity Manager Virtual Appliance\n\n| \n\n7.0.2\n\n| \n\n[7.0.2-ISS-SIM-FP0002](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.2-ISS-SIM-FP0002&source=SARASA> \"7.0.2-ISS-SIM-FP0002\" ) \n \nIBM Security Identity Manager Virtual Appliance\n\n| \n\n7.0.1\n\n| \n\n[7.0.1-ISS-SIM-FP0014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0014&source=SAR> \"7.0.1-ISS-SIM-FP0014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-15T15:22:21", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5312", "CVE-2011-4969", "CVE-2012-6708", "CVE-2014-0050", "CVE-2015-9251", "CVE-2016-1000031", "CVE-2016-3092", "CVE-2016-7103", "CVE-2019-11358"], "modified": "2020-09-15T15:22:21", "id": "9ED959A552F1F1135D021720BFEF601A33E4FF298A735DCF0648EF0558E731A9", "href": "https://www.ibm.com/support/pages/node/6333027", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-05-27T17:58:47", "description": "## Summary\n\nA vulnerability in Apache Commons IO that is used by IBM InfoSphere Information Server was addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n**DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing &#34;dot dot&#34; sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63574](<http://www.ibm.com/support/docview.wss?uid=swg1JR63574> \"JR63574\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply IBM Information Server version [11.7.1.1 Service Pack 2](<https://www.ibm.com/support/pages/node/6466751> \"11.7.1.1 Service Pack 2\" ) \n \nFor Red Hat 8 installations, contact IBM Customer support. \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-07-08T19:42:34", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2021-07-08T19:42:34", "id": "1DA3D6D706ECAAEAD6DA37D47F841CF74690B2BC39CF2D0F990E5E369E062074", "href": "https://www.ibm.com/support/pages/node/6468573", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:27:57", "description": "## Summary\n\nA Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and remediation/Fixes for this issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.5 \n \n\n\n## Remediation/Fixes\n\nPlease install the newest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data: \n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.0.6**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: A Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-01-12T21:59:00", "id": "51D76932A5074CEFE166544E71EEFE076AC2B628BC8BB22ADB147946546F595D", "href": "https://www.ibm.com/support/pages/node/6563317", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-27T17:58:01", "description": "## Summary\n\napache commons IO is used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing &#34;dot dot&#34; sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \ngpfs.tct.client| 1.1.5 \ngpfs.tct.server| 1.1.2 \ngpfs.tct.server| 1.1.6 \ngpfs.tct.client| 1.1.3 \ngpfs.tct.client| 1.1.2 \ngpfs.tct.server| 1.1.1 \ngpfs.tct.client| 1.1.1 \ngpfs.tct.server| 1.1.5 \ngpfs.tct.server| 1.1.4 \ngpfs.tct.server| 1.1.7 \ngpfs.tct.server| 1.1.3 \ngpfs.tct.server| 1.1.8 \n \n## Remediation/Fixes\n\nFor Transparent Cloud Tiering 1.1.1.0 thru 1.1.8.4, apply Transparent Cloud Tiering 1.1.8.4 bundled with IBM Spectrum Scale V5.1.1.3 available from FixCentral at:\n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.1&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.3&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-08-14T03:30:51", "type": "ibm", "title": "Security Bulletin: IBM Transparent Cloud Tiering is affected by a vulnerability in Apache Commons IO ( CVE-2021-29425)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2021-08-14T03:30:51", "id": "D4E5C893A250FEAE3B156BCBD1DEEF2119A50FFC25619BC8C5AF90EB197582DB", "href": "https://www.ibm.com/support/pages/node/6475629", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:15:44", "description": "## Summary\n\nCommons-io package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE [CVE-2021-29425].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Data System 2.0| 2.0.0.0 - 2.0.2.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**\n\nAffected Product(s)| VRMF| Remediation/Fixes \n---|---|--- \nIBM Cloud Pak for Data System 2.0| 2.0.2.1| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=2.0.2.1-WS-ICPDS-fp203&product=ibm%2FWebSphere%2FIBM%20Cloud%20Private%20for%20Data%20System&source=dbluesearch&mhsrc=ibmsearch_a&mhq=2%26period%3B0%26period%3B2%26period%3B1&function=fixId&parent=ibm/WebSphere>) \n \nPlease follow the steps given in [release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/2.0?topic=20-version-2021-release-notes> \"release notes\" ) to upgrade the system with the above version. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2023-03-31T11:54:32", "type": "ibm", "title": "Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-29425]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-03-31T11:54:32", "id": "D746FCC42AA4EACDC97DAC1D5692FFB0BC18A7F167436F4A8BC474A41F66704A", "href": "https://www.ibm.com/support/pages/node/6967567", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:42:15", "description": "## Summary\n\nIn the WebSphere Application Server (WAS) where the Rational Asset Manager(RAM) is deployed, a potential vulnerability in the Apache Commons FileUpload is identified. Information about this security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the **Remediation/Fixes** section.\n\n## Affected Products and Versions\n\n \nRational Asset Manager 7.5.3.2 and earlier. \n\n## Remediation/Fixes\n\nThe remediation is applicable for both Rational Asset Manager and WebSphere Application Server (WAS). \n\n\nFor applying fix on WAS, refer to the security bulletin specified in the following table for information about fixes.\n\n**Affected Supporting Product** | \n\n**Affected Supporting Product Security Bulletin** \n---|--- \n \nIBM WebSphere Application Server Version 8.0, 8.5 and 8.5.5 | \n\n[Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<https://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \n \n\n\nFor applying fix on RAM, upgrade to **Rational Asset Manager 7.5.3.3** or **Download **the **iFix **as specified in the following table. \n**Version** | **Fix** \n---|--- \nRational Asset Manager 7.5.2.4 | Rational Asset Manager 7.5.2.4 iFix [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Asset+Manager&fixids=ram7.5.2.4_iFix002&source=SAR>). \n \nNOTE: For support on other Rational Asset Manager versions, please contact IBM support. \n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-29T10:08:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in the WebSphere Application Server where the Rational Asset Manager is deployed. (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-29T10:08:28", "id": "9BE1D889C1BD77682655EB00AA0EE21AA5C7CCAA1F93287BB788D1CFC12BBD77", "href": "https://www.ibm.com/support/pages/node/567471", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:12", "description": "## Summary\n\nVulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository V8.5 \nWebSphere Service Registry and Repository V8.0 \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product\n\n## Remediation/Fixes\n\nTo remediate CVE-2016-1000031 you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository. \n \nFor** WebSphere Application Server** updates refer to this bulletin: \n[Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \nFor **WebSphere Service Registry and Repository**, this vulnerability has been fixed under APAR IJ01131. Fixes containing IJ01131 have been published and are available from Fix Central. \n \n**For WSRR V8.5**\n\n * Apply [**V8.5.6.1****_IJ01131**](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Service+Registry+and+Repository&fixids=8.5.6.1-WS-WSRR-MultiOS-IFIJ01131>)** \n**\n**For WSRR V8.0**\n\n * Apply [](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Service+Registry+and+Repository&function=fixId&fixids=8.0.0.3-WS-WSRR-MultiOS-IFIV65487_IV79085>)[**V****8.0.0.3_IV65487_IV79085_IV87422_IV87429_IV89477_IJ01131**](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Service+Registry+and+Repository&fixids=8.0.0.3-WS-WSRR-MultiOS-IFIV65487_IV79085_IV87422_IV87429_IV89477_IJ01131>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:22", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:22", "id": "1071929E319DA2301B42C192AD319E3B6E2E74FD95170F6C359D22224A6C2385", "href": "https://www.ibm.com/support/pages/node/299859", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:42", "description": "## Summary\n\nFileNet Collaboration Services has addressed the following vulnerability. \nAbility to execute remote attacker\u2019s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of FileUpload library\n\n## Vulnerability Details\n\n**CVEID**: [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>) \n\n\n**DESCRIPTION**: IBM FileNet Collaboration Services could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. The affected \u201cCommons FileUpload\u201d version 1.3.2 has been upgraded to the fixed version v1.3.3 \n\nCVSS Base Score: 9.8 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Content Navigator 2.0.3.8 \n\nIBM Content Navigator 3.0\n\nIBM Content Navigator 3.0.1\n\nIBM Content Navigator 3.0.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Content Navigator | 2.0.3.8| Download the fix ICN 2.0.3 FP8 LA 15 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) ) \nIBM Content Navigator| 3.0| Download the fix ICN 3.0 LA 12 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \nIBM Content Navigator| 3.0.1| Download the fix ICN 3.0.1 LA 05 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \nIBM Content Navigator| 3.0.2| Download the fix ICN 3.0.2 LA 02 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:05", "type": "ibm", "title": "Security Bulletin: FileNet Collaboration Services is affected by the ability to execute remote attacker\u2019s arbitrary code on a target machine vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:05", "id": "C9E756FDC2D170A759D074368FA581B4BDE59726C48E93D77387BFF9A0BD269B", "href": "https://www.ibm.com/support/pages/node/300809", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:54", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. \nInformation about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the Security Bulletin [Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<https://www-01.ibm.com/support/docview.wss?uid=swg22011428>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nIBM Business Monitor V8.5.5, V8.5.6 and V8.5.7 \nIBM Business Monitor V8.0.1.3 \nIBM Business Monitor V8.0 \n \n\n\n**Principal Product and Versions**| **Affected Supporting Product and Versions** \n---|--- \nIBM Business Monitor V8.5.7 | WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.5.6| WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.5.5| WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.0.1.3| WebSphere Application Server V8.0 \nIBM Business Monitor V8.0 | WebSphere Application Server V8.0 \n \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:56", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:56", "id": "65C6CEE2220BD8F2BF06A7DA52FAE31B05C72037D4DF4346A594A14F3DBA2AF1", "href": "https://www.ibm.com/support/pages/node/304981", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:56", "description": "## Summary\n\nFix is available for vulnerability in Apache Commons FileUpload affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031).\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus WebGUI 8.1.0 \nTivoli Netcool/OMNIbus WebGUI 7.4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nTivoli Netcool/OMNIbus WebGUI| 8.1.0| IJ04482| Apply Fix Pack 13 \n([Fix Pack for WebGUI 8.1.0 Fix Pack 13](<http://www.ibm.com/support/docview.wss?uid=swg24044415>)) \nTivoli Netcool/OMNIbus WebGUI| 7.4.0| IJ04482| Upgrade to WebGUI 8.1.0 and then apply Fix Pack 13 \n([Fix Pack for WebGUI 8.1.0 Fix Pack 13](<http://www.ibm.com/support/docview.wss?uid=swg24044415>)) \n \n**Please also note the**** **[**end of support announcement**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**Netcool End of Support Knowledge Collection**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:45", "id": "AA02BE79DCD02EDB1B362BC22E1303156066D6065A6A81B509F48BDDA3058239", "href": "https://www.ibm.com/support/pages/node/571119", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:05", "description": "## Summary\n\nIBM Tivoli Business Service Manager has addressed the following vulnerability, Open Source Apache Commons FileUpload vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM ****Tivoli Business Service Manager**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Tivoli Business Service Manager 6.1.0| 6.1.0.0~6.1.0.4 \nIBM Tivoli Business Service Manager 6.1.1| 6.1.1.0~6.1.1.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM Tivoli Business Service Manager 6.1.0| _6.1.0.4 IF7_| _None_| [IBM Tivoli Business Service Manager V6.1.0.4 Interim Fix 7](<http://www-01.ibm.com/support/docview.wss?uid=swg24044675>) \nIBM Tivoli Business Service Manager 6.1.1| _6.1.1.5 IF5_| _None_| [IBM Tivoli Business Service Manager V6.1.1.5 Interim Fix 5](<http://www-01.ibm.com/support/docview.wss?uid=swg24044699>) \n \n**Please also note the**** **[**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:50:43", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Business Service Manager is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:50:43", "id": "9885EF692D10F55B10165D028D563DA2E874C62358D512573E854BC6EF0EF9FE", "href": "https://www.ibm.com/support/pages/node/568703", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:47:18", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected IBM API Management | Affected Versions \n---|--- \nIBM API Connect | 5.0.0.0-5.0.8.4 \n \n## Remediation/Fixes\n\nAffected releases | Fixed in VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM API Connect V5.0.0.0 - 5.0.8.4 | 5.0.8.5 | LI80550 | \n\nAddressed in IBM API Connect V5.0.8.5 fixpack.\n\nFollow this link and find the APIConnect_Management package.\n\n \n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-17T17:35:01", "type": "ibm", "title": "Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-01-17T17:35:01", "id": "4C85D2930346AD967159AF4455A7D0489E2962948B89964DEEB838E940D0D79F", "href": "https://www.ibm.com/support/pages/node/794179", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:14", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Remote Server: \n\u2022 8.5, 9.0\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server 8.5, 9.0| WebSphere Application Server 8.0, 8.5, 8.5.5, 9.0| [_Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server_](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \n## ", "cvss3": {}, "published": "2018-06-15T07:08:57", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:57", "id": "2B583BAC13559207D6199DBF313322FD679D7CAC25583ADB0D482CC288326F6B", "href": "https://www.ibm.com/support/pages/node/567405", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-23T21:49:36", "description": "## Summary\n\nIBM Sterling Order Management uses Apache Commons FileUpload and is affected by some of the vulnerabilities that exist in Apache Commons FileUpload.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling Selling and Fulfillment Foundation 9.1.0 through 10.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the security fix pack (SFP) as soon as practical. Please see below for information about the available fixes. \n\n**_Product_**\n\n| \n\n**_Security Fix Pack*_**\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Sterling Selling and Fulfillment Foundation 10.0 | **_10.0-SFP1_** | [Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.5.0\n\n| \n\n**_9.5.0-SFP4_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.4.0\n\n| \n\n**_9.4.0-SFP5_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.3.0\n\n| \n\n**_9.3.0-SFP7_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.2.1\n\n| \n\n**_9.2.1- SFP8_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF _** \n \nIBM Sterling Selling and Fulfillment Foundation 9.2.0\n\n| \n\n**_9.2.0- SFP8_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF _** \n \nIBM Sterling Selling and Fulfillment Foundation 9.1.0\n\n| \n\n**_9.1.0- SFP8_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF _** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T17:00:01", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-02-07T17:00:01", "id": "B09323FD9F65F6065C7B68F00028DEBB77D6AFCCF024832FCF79623893150BE7", "href": "https://www.ibm.com/support/pages/node/870454", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:12", "description": "## Summary\n\nVulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) \nCVE-2016-1000031\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Algo One Algo Risk Application (ARA) v5.1, 5.0\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nIBM Algo One - ARA| 5.1.0.3-2| [Fix Central Download](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.3-2-Algo-One-ARA-if0346:0&includeSupersedes=0&source=fc&login=true>) \nIBM Algo One - ARA| 5.0.0.6-23| [Fix Central Download](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-23-Algo-One-ARA-if0400:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:52:11", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) \nCVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T23:52:11", "id": "75D402B2CEA61D69C553141E08DFD9743DA1DE8E0FE50384A99E9AD4F4E5B618", "href": "https://www.ibm.com/support/pages/node/569289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:57", "description": "## Summary\n\nApache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Monitoring 8.1.3 \nIBM Advanced Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3 \nIBM Cloud Application Performance Management, Base Private 8.1.4 \nIBM Cloud Application Performance Management, Advanced Private 8.1.4 \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\n_Product_\n\n| _Product_ \n_VRMF_| _Remediation_ \n---|---|--- \nIBM Monitoring \n\nIBM Application Diagnostics\n\nIBM Application Performance Management\n\nIBM Application Performance Management Advanced\n\n| _8.1.3 _ \n \n \n_ _| The vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0012 server patch to the system where the Performance Management server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854>)\n\nThe vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-GATEWAY-IF0008 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003853](<https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003853>) \n \nIBM Cloud Application Performance Management Base Private \n\nIBM Cloud Application Performance Management Advanced Private\n\n| _8.1.4_| The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0004 server patch to the system where the Cloud APM server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783>)\n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0003 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809>) \n \nIBM Cloud Application Performance Management| _N.A_| The vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0003 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:30", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:30", "id": "BABF5F87446773F486C4241A55805D7AF675A10E3D8F7FB739A641C0B3FD8389", "href": "https://www.ibm.com/support/pages/node/570555", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:50", "description": "## Summary\n\nThe DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in Control Center, could allow remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior.\n\n## Vulnerability Details\n\n**CVEID**: [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \nDescription: Apache Commons FileUpload, as used in Novell NetIQ Sentinel, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Control Center 6.1.1.0 through 6.1.1.0 iFix02 \nIBM Control Center 6.1.0.0 through 6.1.0.2 iFix03 \nIBM Control Center 6.0.0.0 through 6.0.0.2 iFix02\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Control Center | 6.0.0.2 | [_Fix Central - 6.0.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) iFix03 \nIBM Control Center | 6.1.0.2 | [_Fix Central - 6.1.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.0.2&platform=All&function=all>) iFix04 \nIBM Control Center | 6.1.1.0 | [_Fix Central - 6.1.1.0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.1.0&platform=All&function=all>) iFix03 \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM Control Center (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-12-17T22:47:42", "id": "8D7ED64456FC169D02750D2AA4A80B16FFC334A2DA71875B22768979B26CAC67", "href": "https://www.ibm.com/support/pages/node/572139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:25:16", "description": "## Summary\n\nThere is a vulnerability in Apache Commons IO that could allow aremote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.0.3 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version 1.12.0.4** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2023-02-01T21:30:20", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-02-01T21:30:20", "id": "4613F5FBE822E46EFBDE0BEFB9DFF932DFF57574FD8ADDAA8B5EB509A776A53B", "href": "https://www.ibm.com/support/pages/node/6574039", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T17:52:40", "description": "## Summary\n\nApache Commons IO is used by IBM Engineering Lifecycle Optimization - Publishing\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nPUB| 7.0.1 \nPUB| 7.0.2 \n \n## Remediation/Fixes\n\nProduct| Version(s)| How to remediate ? \n---|---|--- \nIBM Engineering Lifecycle Optimization - Publishing| 7.0.1| The vulnerability can be remediated by applying the following PUB [7.0.1 iFix023](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Engineering+Lifecycle+Optimization+-+Publishing&fixids=7.0.1.0-ELM-PUB-iFix023&source=SAR>) or later iFixes \n7.0.2| The vulnerability can be remediated by applying the following PUB [7.0.2 iFix025](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Engineering+Lifecycle+Optimization+-+Publishing&fixids=7.0.2.0-ELM-PUB-iFix025&source=SAR>) or later iFixes \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2023-10-04T08:07:30", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons IO affect IBM Engineering Lifecycle Optimization - Publishing", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-10-04T08:07:30", "id": "661E58A060EF9C8F748FA7ED6419C170D5C3494BB737AE7F8E89C2FAA010E787", "href": "https://www.ibm.com/support/pages/node/7046953", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-10-23T14:52:22", "description": "## Summary\n\nFileNet Content Manager has addressed the following HTTP Client v3.0.1 and v4.0.1 vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79984> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nFileNet Content Manager 5.2.1\n\n## Remediation/Fixes\n\nTo resolve these vulnerabilities, install one of the patch sets listed below to upgrade HTTP Client v4.5.5 or higher.\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager | 5.2.1 | [_PJ45429_](<https://www.ibm.com/support/pages/apar/PJ45429>) | \n\n[_5.2.1.7-P8CPE-IF004_ ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.7&platform=All&function=all>) \\- 9/28/2018 \n \n \nIn the above table, the APAR links will provide more information about the fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-10-26T21:21:16", "type": "ibm", "title": "Security Bulletin: FileNet Content Manager is affected by a HTTP Client vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2021-10-26T21:21:16", "id": "8D964A6D85AB92A093A54D98B52835DA52D646F29F4FB8F77B0F37827E6FEFB1", "href": "https://www.ibm.com/support/pages/node/720183", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-13T13:34:49", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as components of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nConsult the Security Bulletin [Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n## Principal Product and Version\n\n| \n\n## Affected Supporting Product and Version \n \n---|--- \nIBM Business Monitor V8.5.7 | WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.5.6 | WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.5.5 | WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.1.0.3 | WebSphere Application Server V8.0 \nIBM Business Monitor V8.0 | WebSphere Application Server V8.0 \n \n## ", "cvss3": {}, "published": "2018-07-06T00:22:40", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2018-07-06T00:22:40", "id": "F06557E676BEE33840ABDCBC8B63800AEF257D21E96813D19608264A0DF5ED04", "href": "https://www.ibm.com/support/pages/node/713649", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-12T21:33:42", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783) ](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>)for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.5 on distributed platforms | WebSphere Application Server v8.5.5 \nIBM Security Key Lifecycle Manager (SKLM) v2.6 on distributed platforms | WebSphere Application Server v8.5.5.7 \nIBM Security Key Lifecycle Manager (SKLM) v2.7 on distributed platforms | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 on distributed platforms | WebSphere Application Server v9.0.0.5 \n \n## ", "cvss3": {}, "published": "2018-07-18T16:25:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2018-07-18T16:25:03", "id": "3F50B90AA067D7B221DE01833CF094A0A4B8DFCEFA2F20192B47FCC636918D02", "href": "https://www.ibm.com/support/pages/node/717675", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:45:16", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \n \nIBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.02. V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6\n\n| \n\n * WebSphere Application Server V8.5.5 through V8.5.5.12 \n \nIBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5\n\n| \n\n * WebSphere Application Server V8.5.0.1 through V8.5.5.12 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply the fixes as soon as practical. \n\n**Principal Product and Version(s)** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6 | \n\nUpgrade to IBM Cloud Orchestrator 2.5 Fix Pack 7: \n<https://www-01.ibm.com/support/docview.wss?uid=ibm10718247> \n \nIBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 | After you upgrade to minimal fix pack levels as required by interim fix, apply the appropriate Interim to your environment as soon as practical. For details, see \n\n[Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-12-06T06:05:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2018-12-06T06:05:02", "id": "4777F5C1553B23793B9C264645B77DC8564BD5ADDE40E26C0417DA938016C274", "href": "https://www.ibm.com/support/pages/node/739523", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:51:11", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Remote Server: \n\u2022 9.0 \n\u2022 8.5 \n\u2022 7.1 \n\u2022 7.0\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server 9.0, 8.5, 7.1, 7.0| WebSphere Application Server 9.0, 8.5, 8.0, 7.0| [_Information disclosure in Apache Commons HttpClient used by WebSphere Application Server_](<http://www.ibm.com/support/docview.wss?uid=swg22016216>) \n \n## ", "cvss3": {}, "published": "2018-06-23T02:54:21", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2018-06-23T02:54:21", "id": "858896131EA815FB74E9BDD335996EEADB31086755EBD223F4051866A0275C41", "href": "https://www.ibm.com/support/pages/node/712423", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T18:34:54", "description": "## Summary\n\nPrior to version 2.7 vulnerability in Apache Commons IO allow remote attacker to traverse directories on the system to view arbitrary files\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.x \n \n\n\n## Remediation/Fixes\n\nVersion| Fix details \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.x| Upgrade to Log Analysis version 1.3.7.2 Interim Fix 4. Download the [1.3.7.2-TIV-IOALA-IF004](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"1.3.7.2-TIV-IOALA-IF004\" ). For Log Analysis prior to 1.3.7.2, [upgrade](<https://www.ibm.com/support/pages/node/1135125> \"upgrade\" ) to [1.3.7-TIV-IOALA-FP2](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"1.3.7-TIV-IOALA-FP2\" ) before installing this fix. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2022-11-02T16:51:11", "type": "ibm", "title": "Security Bulletin: Potential vulnerability in Apache Commons IO affect IBM Operations Analytics - Log Analysis (CVE-2021-29425)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2022-11-02T16:51:11", "id": "FFBD74E0F454FF6A49CA3F34C7271269653B26F1B1272560F1EA3CC07A2021C8", "href": "https://www.ibm.com/support/pages/node/6834012", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T17:54:07", "description": "## Summary\n\nApache Commons IO is used by IBM Application Performance Management.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \n \n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410> \n \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2023-09-13T07:48:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Commons IO affect IBM Application Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-09-13T07:48:23", "id": "96B400A629016635BE698B4182ED121C51D888226F4491EF114BF41A423A0700", "href": "https://www.ibm.com/support/pages/node/7031989", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T17:58:28", "description": "## Summary\n\nThis Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nETM| 7.0.1 \nETM| 7.0.2 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of Apache commons io library.\n\nSuggested :\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nEngineering Test Management | 7.0.1| \n\nDownload and apply ETM 7.0.2 iFix21 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.1&platform=All&function=all>) \n \nEngineering Test Management | 7.0.2| Download and apply ETM 7.0.3 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2023-07-18T07:19:01", "type": "ibm", "title": "Security Bulletin: Vulberability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-07-18T07:19:01", "id": "B1BA4BC7E745A499101FD9143D2E31C7E6E0F57F30264DD60DCC485E0AD2AA07", "href": "https://www.ibm.com/support/pages/node/7012661", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-27T17:58:43", "description": "## Summary\n\nThe product includes an older version of Apache Commons that may be identified and exploited with a specially-crafted URL request.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing &#34;dot dot&#34; sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nResilient OnPrem| IBM Security SOAR \n \n\n\n## Remediation/Fixes\n\nUsers must upgrade to v41.0 or higher of IBM Resilient in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the \"**Upgrade Procedure**\" section in the [IBM Documentation](<https://www.ibm.com/docs/en/rsoa-and-rp/41?topic=guide-upgrade-procedure> \"IBM Documentation\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-07-14T18:25:14", "type": "ibm", "title": "Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2021-07-14T18:25:14", "id": "A5ACA9D08DD29AB239109AF58FB6B994D318DCD5424F5180E2376E622C4AE6D3", "href": "https://www.ibm.com/support/pages/node/6472061", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:51:41", "description": "## Summary\n\nApache Commons IO is used by several components in IBM Cloud Pak for Multicloud Management Monitoring. The product does not allow input that processes files or directories, but the affected software has been updated out of an abundance of caution.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| \n\n2.0 - 2.3 FixPack 4 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading using the instructions found at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2022-06-29T14:13:46", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to directory traversal due to its use of Apache Commons IO (CVE-2021-29425)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2022-06-29T14:13:46", "id": "49901ECEEAD43A7B78DB4958F32F55FA5CC90F26DA4A3A18C04B7A04C3B6FBA6", "href": "https://www.ibm.com/support/pages/node/6599647", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-04-24T10:04:37", "description": "## Summary\n\nIBM Security Guardium has fixed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2014-0107](<https://vulners.com/cve/CVE-2014-0107>) \n** DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92023](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Guardium| 11.0 \n \nIBM Security Guardium| 11.1 \n \n \n\n\n## Remediation/Fixes\n\nProduct| Versions| Fix \n---|---|--- \nIBM Security Guardium| 11.0 \n| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p35_Bundle_Mar-30-2021&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p35_Bundle_Mar-30-2021&includeSupersedes=0&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p35_Bundle_Mar-30-2021&includeSupersedes=0&source=fc\" ) \nIBM Security Guardium| 11.1 \n| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p130_Bundle_Feb-19-2021&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p130_Bundle_Feb-19-2021&includeSupersedes=0&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p130_Bundle_Feb-19-2021&includeSupersedes=0&source=fc\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-04-14T20:43:23", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by an Apache Xalan-Java library vulnerability (CVE-2014-0107)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107"], "modified": "2021-04-14T20:43:23", "id": "5D0EF01A9559B5552716917BA193D1298820848516CB3AAE2B74F8B32EA9B337", "href": "https://www.ibm.com/support/pages/node/6443423", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:57:06", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload component potentially affects IBM WebSphere MQ Managed File Transfer.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2013-0248_](<https://vulners.com/cve/CVE-2013-0248>)** \nDESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/82618_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/82618>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)\n\n## Affected Products and Versions\n\n**_IBM WebSphere MQ 8.0_**\n\nFixpack 8.0.0.3 and previous maintenance levels\n\n**_IBM WebSphere MQ 7.5_**\n\nFixpack 7.5.0.5 and previous maintenance levels\n\n## Remediation/Fixes\n\n**_IBM WebSphere MQ 8.0_**\n\nApply [fixpack 8.0.0.4](<http://www-01.ibm.com/support/docview.wss?uid=swg21969244>) or later maintenance\n\n**_IBM WebSphere MQ 7.5_**\n\nApply [fixpack 7.5.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg21975660>) or later maintenance\n\n## ", "cvss3": {}, "published": "2018-06-15T07:04:52", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload vulnerability affects IBM WebSphere MQ Managed File Transfer (CVE-2013-0248)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248"], "modified": "2018-06-15T07:04:52", "id": "A8A6B57EE1BC9F1473354B832D22D004059F832458042AA25CC089DAF316B910", "href": "https://www.ibm.com/support/pages/node/539557", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:18", "description": "## Summary\n\nIBM Sterling Control Center 5.2 utilizes Apache Xalan-Java that contains a vulnerability. \n\n## Vulnerability Details\n\nCVE-ID:_ _[_CVE-2014-0107_](<https://vulners.com/cve/CVE-2014-0107>) \n \nDESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nThis only affects IBM Sterling Control Center 5.2.01 through 5.2.11.\n\n## Remediation/Fixes\n\n**_Product Name_**\n\n| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \n_Sterling Control Center_| _5.2.12_| _N/A_| Download and apply fix from [_IWM_](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>) \n \nTo acquire the fix please login to [_IWM_](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq>) \nFor FAQs on downloading an iFix from the IWM site, see the following documentation: _ \n_[_https://www14.software.ibm.com/iwm/web/download_en_US.shtml_](<https://www14.software.ibm.com/iwm/web/download_en_US.shtml>) \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: A vulnerability exists in Apache Xalan-Java prior to 2.7.2 as used in IBM Sterling Control Center 5.2 (CVE-2014-0107)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107"], "modified": "2019-12-17T22:47:42", "id": "0EA796D2A135ACAEACE32D980924643C5D803D02CD6483C9424AD2FB76F96821", "href": "https://www.ibm.com/support/pages/node/247921", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:59", "description": "## Summary\n\nThere is a security vulnerability whereby a remote attacker could bypass security restrictions in Apache Xalan-Java within IBM Cognos Incentive Compensation Management 8.x and 7.x. \n\n\n## Vulnerability Details\n\n \n**CVE IDs**: [CVE-2014-0107](<https://vulners.com/cve/CVE-2014-0107>) \n \n**DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92023> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n\n\n## Affected Products and Versions\n\nIBM Cognos Incentive Compensation Management 8.x and 7.x\n\n## Remediation/Fixes\n\nThe recommended solution is to download and install the following applicable fix packs available via [fix central](<http://www-933.ibm.com/support/fixcentral/>). \n\n\n * 7.2.1.82225\n * 7.3.0.82226\n * 8.0.0.82227\n * 8.0.1.82249\n * 8.0.2.82251\n * 8.0.3.82254\n * 8.0.4.82256\n \nThese fix packs are available via [Fix Central](<http://www.ibm.com/support/fixcentral>). \n\n## Workarounds and Mitigations\n\nNone known. Apply fix pack.\n\n## ", "cvss3": {}, "published": "2018-06-15T22:31:28", "type": "ibm", "title": "Security Bulletin: \tSecurity exposure in IBM Cognos Incentive Compensation Management (CVE-2014-0107)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107"], "modified": "2018-06-15T22:31:28", "id": "59318B0CF4C1FAE586869CBD784AA3B2D670508ECC73EDF830A5E166B55DCF65", "href": "https://www.ibm.com/support/pages/node/513557", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:02", "description": "## Summary\n\nThe Apache Commons FileUpload that is used by IBM\u00ae WebSphere\u2122 Application Server affects IBM SPSS Analytic Server. The potential threat could allow a remote attacker to execute arbitrary code on the system. The fix for this issue requires an update to the Websphere application server (detailed in another security bulletin) and an update to a specific IBM SPSS Analytic Server *.jar file.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in several products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM SPSS Analytic Server 2.0.0.0 \nIBM SPSS Analytic Server 2.1.0.0 \nIBM SPSS Analytic Server 3.0.0.0 \nIBM SPSS Analytic Server 3.0.1.0 \nIBM SPSS Analytic Server 3.1.0.0 \nIBM SPSS Analytic Server 3.1.1.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the appropriate IBM\u00ae WebSphere\u2122 Application Server update and the IBM SPSS Analytic Server interim fix that is appropriate for your environment. \n \nThe IBM\u00ae WebSphere\u2122 Application Server update is discussed in a separate [_security bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>). \n \n\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nSPSS Analytic Server| _2.0.0.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.0.0.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.0.0.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| 2.1.0.0| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.1.0.2-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.1.0.2-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.0.0.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.0.1.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.1.0.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.1.1.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \n \nYou should verify applying this fix does not cause any compatibility issue in your environment. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T14:19:52", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server affects IBM SPSS Analytic Server (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-16T14:19:52", "id": "7EFB522319684542D37BC81717D35991CE91F1752F5381EA6BFA2B84165FC89C", "href": "https://www.ibm.com/support/pages/node/569701", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:40", "description": "## Summary\n\nIBM Tivoli Application Dependency Discovery Manager (TADDM) is affected by an Apache Commons FileUpload vulnerability. TADDM has addressed this vulnerability.\n\n## Vulnerability Details\n\n \n**CVE-ID:** [CVE-2016-1000031](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) \n**Description:** IBM Tivoli Application Dependency Discovery Manager could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. An attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nTADDM 7.2.2.5 \nTADDM 7.3.0.3\n\n## Remediation/Fixes\n\n**Fix**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**How to acquire fix** \n \n---|---|---|--- \nefix_taddm_7303_Commonsfileupload_FP320160323.zip| 7.3.0.3| \n\nNone \n\n| \n\n[Download eFix](<ftp://ftp.ecurep.ibm.com/fromibm/coOEH4W2AFkenko8PvdHCUxxpqj8v2Rd9auWWPspdbc/efix_taddm_7303_Commonsfileupload_FP320160323.zip>) \n \nefix_taddm_7225_commonsfileupload_FP520160209.zip| 7.2.2.5| \n\nNone \n\n| \n\n[Download eFix](<ftp://ftp.ecurep.ibm.com/fromibm/5p7T7KB3JdPJ5dVsQ9gpZmpcQZH11msM7gaXY3SJNxU/efix_taddm_7225_commonsfileupload_FP520160209.zip>) \n \n \nPlease get familiar with eFix readme in etc/efix_readme.txt \n\n\n## Workarounds and Mitigations\n\nThe only solution is to apply eFix prepared to specific TADDM version (7.2.2.5 or 7.3.0.3). This fix is only tested for TADDM versions 7.2.2.5 or 7.3.0.3 and should not be applied at other maintenance levels. Upgrade to the latest maintenance level to apply this fix.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:47:24", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:47:24", "id": "BC4CE6FA6231522277B8CDD6EBE913273E804C9EC6F8EA56F64C54D931A5F0A3", "href": "https://www.ibm.com/support/pages/node/299701", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:07", "description": "## Summary\n\nThere is a potential vulnerability in the Apache Commons FileUpload used by WebSphere Application Server traditional and WebSphere Application Server Liberty. \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in several products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Application Server: \n\n * Liberty \n * Version 9.0\n * Version 8.5 \n * Version 8.0 \n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing APARs PI90804 or PI94763 for each named product as soon as practical. \n \n**Note: There was an issue with PI90804 for WebSphere Application Server Liberty. You could encounter a Null Pointer Exception when accessing the getHeader() call during a servlet request. If you have already downloaded the interim fix for PI90804 for Liberty we recommned that you replace it with the new interim fixes for PI94763. \n \nFor WebSphere Application Server Liberty:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI94763](<http://www-01.ibm.com/support/docview.wss?uid=swg24044654>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24044155>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) \n\\--OR-- \n\u00b7 Apply Liberty Fix Pack 18.0.0.1 or later.** \n \nFor WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:** \n** \nFor V9.0.0.0 through 9.0.0.6:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fixes and then apply Interim Fix [PI90804](<http://www-01.ibm.com/support/docview.wss?uid=swg24044445>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24044155>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24044155>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24044154>) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.0.7 or later. ** \n** \n**For V8.5.0.0 through 8.5.5.12:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fixes and then apply Interim Fix [PI90804](<http://www-01.ibm.com/support/docview.wss?uid=swg24044445>) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.13 or later. ** \n \nFor V8.0.0.0 through 8.0.0.14:** \n\u00b7 Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [PI90804](<http://www-01.ibm.com/support/docview.wss?uid=swg24044445>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.0.0.15 or later. \n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:41", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:41", "id": "6109AF1F8D1815678E61E353B816288D20DB8DD1D5C49536DF782435D85C01D2", "href": "https://www.ibm.com/support/pages/node/301027", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:45", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload was addressed by IBM InfoSphere Information Server.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in IBM InfoSphere Information Server, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 9.1, 11.3, and 11.5 \nIBM InfoSphere Information Server on Cloud version 11.5\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.5| [_JR58580_](<http://www.ibm.com/support/docview.wss?uid=swg1JR58580>)| \\--Apply IBM InfoSphere Information Server version [_11.5.0.2_](<http://www.ibm.com/support/docview.wss?uid=swg24043666>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_isf_ru9_services_engine_client_multi>) \nInfoSphere Information Server| 11.3| [_JR58580_](<http://www.ibm.com/support/docview.wss?uid=swg1JR58580>)| \\--Apply IBM InfoSphere Information Server version [_11.3.1.2 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24040138>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_isf_ru8_services_engine_client_multi>) \nInfoSphere Business Server| 9.1| [_JR58580_](<http://www.ibm.com/support/docview.wss?uid=swg1JR58580>)| \\--Apply IBM InfoSphere Information Server version [_9.1.2.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg24035470>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_isf_ru13_services_engine_client_multi>) \n \n**Contact Technical Support:** \nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [_contacts for other countries_](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [_open a Service Request_](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T14:17:42", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-16T14:17:42", "id": "C222A8A891F504F40C914F8F66ABB73F5EF9BD26F781A02F39DE0DB06449374A", "href": "https://www.ibm.com/support/pages/node/298795", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:05", "description": "## Summary\n\nThe DiskFileItem class in Apache Commons Fileupload before version 1.3.3, used in IBM WebSphere MQ File Transfer Edition, specifically the Web Gateway component, could allow remote attackers to execute arbitrary code under the context of the current process, causing an undefined behavior.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, used in IBM WebSphere MQ File Transfer Edition, could allow deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM WebSphere MQ File Transfer Edition v7.0.0 \n\nIBM WebSphere MQ File Transfer Edition v7.0.1\n\nIBM WebSphere MQ File Transfer Edition v7.0.2\n\nIBM WebSphere MQ File Transfer Edition v7.0.3\n\nIBM WebSphere MQ File Transfer Edition v7.0.4\n\n## Remediation/Fixes\n\nAll affected product versions are already End of Support. Customers must contact IBM to obtain a fix for the affected release.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:42", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:42", "id": "172E8A857C199BCE10B08A718612B7B83ED02952ADF1DE693EE2C676DADD4B46", "href": "https://www.ibm.com/support/pages/node/301447", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:28", "description": "## Summary\n\nA security vulnerability relating to remote code execution CVE-2016-1000031 has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Spectrum Conductor with Spark 2.2.0 uses as a framework for some services. Commons FileUpload 1.3.3 addresses this vulnerability and can be applied through the manual steps detailed in the Remediation section. \n\n## Vulnerability Details\n\n**CVEID:** CVE-2016-1000031 \n**DESCRIPTION:** A vulnerability in IBM Spectrum Conductor with Spark 2.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n**CVSS V3 Base Score: **7.5 HIGH \nCVSS V3 Vector: [_CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H_](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-1000031&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>) ([_legend_](<https://nvd.nist.gov/vuln-metrics/cvss>)) \nCVSS V3 Impact Score: 5.9 \nCVSS V3 Exploitability Score: 3.9\n\n## Affected Products and Versions\n\nIBM Spectrum Conductor with Spark 2.2.0. All architectures. The remediation steps are provided in this document.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\n1.1 Log on to each management host in the cluster and download the commons-fileupload-1.3.3-bin.tar.gz package from the following location: \n \n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz> \n \n1.2 Stop the following services: \n \n> egosh service stop WEBGUI REST ascd plc purger \n \n1.3 For backup purposes, move the following files, which will be replaced by new files: \n \n> mkdir -p /tmp/cf121backup/ \n \n> mkdir -p /tmp/cf131backup/ \n \nMake note of the file owner, group, and permissions for the following files: \n>ls -la $EGO_TOP/gui/3.5/lib/commons-fileupload-*.jar \n>ls -la $EGO_TOP/perf/3.5/lib/commons-fileupload-*.jar \n>ls -la $EGO_TOP/ascd/2.2.0/lib/commons-fileupload-*.jar \n>ls -la $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n \n> mv $EGO_TOP/gui/3.5/lib/commons-fileupload-*.jar /tmp/cf131backup \n \n> mv $EGO_TOP/perf/3.5/lib/commons-fileupload-*.jar /tmp/cf121backup/ \n \n> rm $EGO_TOP/ascd/2.2.0/lib/commons-fileupload-*.jar \n \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n \n1.4 On each management host, decompress the commons-fileupload-1.3.3-bin.tar.gz package and copy the following files to your cluster directory: \n \n> tar zxf commons-fileupload-1.3.3-bin.tar.gz \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.5/lib/ \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.5/lib/ \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/ascd/2.2.0/lib/ \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/ \n \nIf needed, restore the original file permissions with: \n> chmod ### [file] \n \nIf needed, restore the original file owner and group with: \n> chown [user]:[group] [file] \n \n1.5 On each management host, clean up the GUI work directories: \n \n> rm -rf $EGO_TOP/gui/work/* \n \n> rm -rf $EGO_TOP/gui/workarea/* \n \n**NOTE:** If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory. \n \n1.6 Launch a web browser and clear your browser cache. \n \n1.7 Start the following services: \n \n> egosh service start WEBGUI REST ascd plc purger\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:42:36", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Spectrum Conductor with Spark 2.2.0 (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-18T01:42:36", "id": "A4EB252B4F9B1D9E6B670EA990F738AB583192588E1566F20330B6E3CFCB3AA1", "href": "https://www.ibm.com/support/pages/node/664689", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:05", "description": "## Summary\n\n \nIBM Kenexa LCMS Premier on Cloud has addressed a vulnerability that could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n9.3, 9.4, 9.5,10.0, 10.1,10.2,11.0,11.1,11.2\n\n## Remediation/Fixes\n\nThis issue has been addressed in IBM Kenexa LCMS Premier 11.2 latest Fix level \n\nCustomers who are using an affected version should visit IBM Support Portal and open a Service Request (SR) to request an upgrade to latest fixed release.\n\n \n<https://www-947.ibm.com/support/entry/portal>\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:26:42", "type": "ibm", "title": "Security Bulletin: \nIBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T22:26:42", "id": "440EFFCF162389547EC94BA431325D2B42D5E91C496765EE6F12A65170790BDA", "href": "https://www.ibm.com/support/pages/node/301493", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:47:00", "description": "## Summary\n\nAtlas eDiscovery Process Management has addressed Apache Commons FileUpload vulnerability, which could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nAtlas eDiscovery Process Management 6.0.3.2 - 6.0.3.6\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nAtlas eDiscovery Process Management| 6.0.3.2 - 6.0.3.6| Use Atlas eDiscovery Process Management version 6.0.3.6 [](<http:///>)[Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Atlas%20eDiscovery&product=ibm/Information+Management/Atlas+eDiscovery+Process+Management&release=6.0.3.6&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:28", "type": "ibm", "title": "Security Bulletin: Atlas eDiscovery Process Management is affected by Apache Open Source Commons FileUpload Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:28", "id": "D33BBD3C5F74DBFB7700F90DA29C0A0F17319D5EFCD29BE614C5EEA53697BBA1", "href": "https://www.ibm.com/support/pages/node/567925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:38", "description": "## Summary\n\nApache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM eDiscovery Manager| 2.2.2 \n \n\n\n## Remediation/Fixes\n\nProduct \n\n| VRM| Remediation \n---|---|--- \nIBM eDiscovery Manager| 2.2.2| Use IBM eDiscovery Manager 2.2.2.3 [Interim Fix 003](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-WIN-IF003&source=SAR> \"Interim Fix 003\" ) for Windows \n\nUse IBM eDiscovery Manager 2.2.2.3 [Interim Fix 003](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-AIX-IF003&source=SAR> \"Interim Fix 003\" ) for AIX \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T22:03:53", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2020-06-19T22:03:53", "id": "266AF5CCE2935A1632FAEA2AD2ADEC7D3B1EF6585030A41069E05308C44DE9B2", "href": "https://www.ibm.com/support/pages/node/6236356", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:03", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin: [Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nWebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud, all versions.| IBM WebSphere Application Server: \n\n * Liberty \n * Version 9.0\n * Version 8.5 \n * Version 8.0 \n \n## ", "cvss3": {}, "published": "2018-06-15T07:08:46", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:46", "id": "868FA6DB6C0D6319E1B3081CCB6B4C3817A1853F87C138E75E8C43A455725423", "href": "https://www.ibm.com/support/pages/node/302813", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:47:42", "description": "## Summary\n\nIBM Case Manager may be vulnerable to Apache Commons FileUpload code execution attacks.\n\n## Vulnerability Details\n\n**CVEID**: [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION**: Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases: \n\n * IBM Case Manager 5.1.1.0 - 5.1.1.4\n * IBM Case Manager 5.2.0.0 - 5.2.0.4\n * IBM Case Manager 5.2.1.0 - 5.2.1.7\n * IBM Case Manager 5.3.0.0\n * IBM Case Manager 5.3.1.0\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n_IBM Case Manager_| _5.3.0.0 - 5.3.1.0_| _PJ45083_| _5.3.2.0-ICM or later versions_ \n_IBM Case Manager_| _5.2.1.0 - 5.2.1.7_| _PJ45082_| _5.2.1.7-ICM-IF002__ or later versions_ \n_IBM Case Manager_| _5.2.0.0 - 5.2.0.4_| _PJ45081_| [_5.2.0.4-ICM-IF002_](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.4-ICM-IF002&continue=1>)_or later versions_ \n_IBM Case Manager _| _5.1.1.0 - 5.1.1.4_| _PJ45077_| [_5.1.1.4-ICM-IF001_](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.1.1.4-ICM-IF001&continue=1>)_or later versions_ \n \n## Workarounds and Mitigations\n\nThe Apache Commons FileUpload jar file, which is installed by IBM Case Manager (ICM), can be manually updated to the latest version to mitigate the security vulnerability. \n\nBelow are the manual instructions on how to update the Apache Common FileUpload jar file with the respective ICM releases.\n\n1) Download the new Apache Commons FileUpload binary from Apache:\n\n \n<https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi>\n\n2) Extract the contents and locate the commons-fileupload-1.3.3.jar file. \n\nNote: As of the writing of the security bulletin, the latest version of FileUpload is v1.3.3.\n\n_IBM Case Manager 5.1.x release_\n\n3) Navigate to the <CaseManagement Install Folder>\\CaseWidgets\\CaseForms\\WEB-INF\\lib\n\n4) Backup and remove the current commons-fileupload-1.xx.jar\n\n5) Copy the new common-fileupload-1.3.3.jar file into the folder\n\n6) Run Case Manager Admin Client (CMAC), and open an existing profile\n\n7) Run the 'Deploy the Forms Application' task.\n\n8) Restart the application server\n\n_IBM Case Manager 5.2.x release_\n\n3) Navigate to the <CaseManagement Install Folder>\\configure\\exploded_apps\\forms\\WEB-INF\\lib\n\n4) Backup and remove the current commons-fileupload-1.xx.jar\n\n5) Copy the new common-fileupload-1.3.3.jar file into the folder\n\n6) Run Case Manager configuration tool, and open an existing profile\n\n7) Run the following tasks\n\n * Create Case Manager Application\n * Deploy the Forms Application\n \n8) Restart the application server \n\n_IBM Case Manager 5.3.x release_\n\n3) Navigate to the <CaseManagement Install Folder>\\configure\\exploded_apps\\forms\\WEB-INF\\lib\n\n4) Backup and remove the current commons-fileupload-1.xx.jar\n\n5) Copy the new common-fileupload-1.3.3.jar file into the folder\n\n6) Run Case Manager configuration tool, and open an existing profile\n\n7) Run the following tasks\n\n * Create Case Manager Applications\n * Deploy the Forms Application\n \n8) Restart the application server \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:00", "type": "ibm", "title": "Security Bulletin: IBM Case Manager may be vulnerable to Apache Commons FileUpload code execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:00", "id": "5E963A16D56492D265E3AD4BB10050F73E3DA9DE70902074CA74AFF7B978ADBF", "href": "https://www.ibm.com/support/pages/node/299177", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:40:29", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed vulnerability in Apache Commons FileUpload (CVE-2016-1000031)\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform version 8.0\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n\n\n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM OpenPages GRC Platform **8.0** \n| 8.0.0.3.2 | <https://www.ibm.com/support/pages/openpages-grc-platform-8003-interim-fix-2-0> \n \n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-28T21:24:00", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-10-28T21:24:00", "id": "7948B558E9BBB9D7B19D137E1C7944C490BD5D26DB24595F235B080A97AD570E", "href": "https://www.ibm.com/support/pages/node/1098927", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:39", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed vulnerability in Apache Commons FileUpload (CVE-2016-1000031)\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform versions 7.3 through 8.0\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n\n\n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM OpenPages GRC Platform **8.0** \n| 8.0.0.2 | <https://www.ibm.com/support/docview.wss?uid=ibm10744175> \nIBM OpenPages GRC Platform **7.3.0 ** \n| 7.3.0.3 | <https://www.ibm.com/support/docview.wss?uid=ibm10794867> \n \n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-01T21:20:02", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-02-01T21:20:02", "id": "E143583639D054AA8FE69FA00A9B2C711903F95581EE6F26FFBD1FCD98532960", "href": "https://www.ibm.com/support/pages/node/728743", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:43", "description": "## Summary\n\nIBM Content Classification has addressed the following vulnerability. Apache Commons FileUpload,could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process_._ \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Content Classification 8.8\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Classification| 8.8| Use IBM Content Classification 8.8 [Fix Pack 10](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Classification&release=8.8&platform=Windows&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:00", "type": "ibm", "title": "Security Bulletin: IBM Content Classification is affected by a\u00a0Open Source Commons FileUpload Apache Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:00", "id": "08325F6AA0E5D32062B70EC20B7BAC73EDD2082F6016AADE25F93CC5C5945E15", "href": "https://www.ibm.com/support/pages/node/299127", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n_Principal Product and Version(s)_\n\n| _Affected Supporting Product and Version_ \n---|--- \nIBM Tivoli Netcool Impact 6.1.x | IBM WebSphere Application Server 7.0 \n \n## Remediation/Fixes\n\n_Principal Product and Version(s)_\n\n| _Affected Supporting Product and Version_ \n---|--- \nIBM Tivoli Netcool Impact 6.1.x | For IBM WebSphere Application Server V7.0.0.0 through 7.0.0.45: \nThis vulnerability requires IBM WebSphere Application Server fix pack levels as required by interim fix and then apply Interim Fix [PI96685 ](<http://www-01.ibm.com/support/docview.wss?uid=swg24044989>)and [PI98251](<http://www-01.ibm.com/support/docview.wss?uid=swg24045005>). \nFor instruction on how to upgrade IBM WebSphere Application Server see the latest 6.1.* IBM Tivoli Netcool Impact Fix Pack readme. \n \n \n**Please also note the**** **[**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {}, "published": "2018-09-05T16:25:55", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2018-09-05T16:25:55", "id": "37E84D76257762D12F144C420A6FA36A16C6055B49D7AE073144BE16FFF7F0A0", "href": "https://www.ibm.com/support/pages/node/729877", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:44:46", "description": "## Summary\n\nSecurity vulnerability may affect Apache HttpClient used by IBM FileNet Content Manager.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n**DESCRIPTION:** Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79984> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Content Manager 5.2.1, 5.5.0, 5.5.1\n\n## Remediation/Fixes\n\nTo resolve these vulnerabilities, install one of the releases below.\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager | \n\n5.2.1 \n5.5.0 \n5.5.1\n\n| \n\n[_PJ45429_](<https://www.ibm.com/support/entdocview.wss?uid=swg1PJ45429>) \n[_PJ45429_ \n](<https://www.ibm.com/support/entdocview.wss?uid=swg1PJ45429>) [_PJ45429_](<https://www.ibm.com/support/entdocview.wss?uid=swg1PJ45429>)\n\n| [_5.2.1.7-P8CPE-IF004_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.7&platform=All&function=all>) \\- 10/8/2018 \n[_5.5.0.0-P8CPE-IF003_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.5.0.0&platform=All&function=all>) \\- 12/14/2018 \n[_5.5.1.0-P8CPE-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.5.1.0&platform=All&function=all>) \\- 1/15/2019 \n| | | \n \n \nIn the above table, the APAR links will provide more information about the fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2019-01-16T20:05:01", "type": "ibm", "title": "Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2019-01-16T20:05:01", "id": "332EB7C24BEDDB6A08EB1D2E56168DBF8FB7B8EE1E89939D477827DEB2BC62FA", "href": "https://www.ibm.com/support/pages/node/731533", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-13T05:36:06", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www.ibm.com/support/docview.wss?uid=swg22016216>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Versions\n\n| Affected Supporting Product and Versions \n---|--- \nIBM Case Manager 5.1.1 \nIBM Case Manager 5.2.0 \nIBM Case Manager 5.2.1 \nIBM Case Manager 5.3.0 \nIBM Case Manager 5.3.1 \nIBM Case Manager 5.3.2 \nIBM Case Manager 5.3.3 | IBM WebSphere Application Server 7.0 \nIBM WebSphere Application Server 8.0 \nIBM WebSphere Application Server 8.5 \nIBM WebSphere Application Server 9.0 \n \n## ", "cvss3": {}, "published": "2018-07-20T00:48:46", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2018-07-20T00:48:46", "id": "B6D98686FB4CE3794F12AA810C56116765161F3CB64E9212B301423AF70BBA48", "href": "https://www.ibm.com/support/pages/node/717539", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:50:56", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin: [Information disclosure in Apache Commons HttpClient used by WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)** | **Affected Supporting Product and Version** \n---|--- \nWebSphere Application Server Patterns | WebSphere Application Server: \n\n * Version 9.0\n * Version 8.5\n * Version 8.0 \n \n## ", "cvss3": {}, "published": "2018-06-26T19:40:51", "type": "ibm", "title": "Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2018-06-26T19:40:51", "id": "D69CAB0B695FDB3F4A13D03095C9000050A31CA1EEA0F9ED3CBD01DC6FA43F1A", "href": "https://www.ibm.com/support/pages/node/713733", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T18:27:11", "description": "## Summary\n\nWebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Tivoli System Automation Application Manager 4.1.0.0 \u2013 4.1.0.1\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.\n\nPrincipal Product and Version(s)\n\n| \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nIBM Tivoli System Automation Application Manager 4.1\n\n| \n\nWebSphere Application Server 8.5\n\n| \n\n[Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2023-01-17T17:35:00", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2012-5783).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2023-01-17T17:35:00", "id": "AF3CBD718F3297D87FDA4616011F4CD425D9EBE3BB2880108811A5CAEF018EB6", "href": "https://www.ibm.com/support/pages/node/719301", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:41:35", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783) ](<http://www.ibm.com/support/docview.wss?uid=swg22016216>)for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n\\- IBM Business Automation Workflow V18.0.0.0\n\n\\- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03\n\n\\- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06\n\n\\- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2\n\n\\- IBM Business Process Manager V8.5.5.0\n\n\\- IBM Business Process Manager V8.5.0.0 through V8.5.0.2\n\n\\- IBM Business Process Manager V8.0.0.0 through V8.0.1.3\n\n\\- IBM Business Process Manager V7.5.0.0 through V7.5.1.2\n\n\\- IBM Business Process Manager Enterprise Service Bus V8.6.0.0\n\n\\- WebSphere Enterprise Service Bus Registry Edition V7.5.0.0 through V7.5.1.2\n\n\\- WebSphere Lombardi Edition V7.2.0.0 through V7.2.0.5 (and earlier unsupported releases)\n\n\\- WebSphere Enterprise Service Bus V7.0.0.0 through V7.0.0.5\n\n\\- WebSphere Enterprise Service Bus Registry Edition V7.0.0.0 through V7.0.0.5\n\n\\- WebSphere Enterprise Service Bus V7.5.0.0 through V7.5.1.2\n\n \nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n_For__ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-09-14T15:57:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2022-09-14T15:57:03", "id": "269ED09DF8DEC59D6D5C76BBBEC1A3E9EB81FC2A6B977AF71E1341BCCE84CE32", "href": "https://www.ibm.com/support/pages/node/712439", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:45:30", "description": "## Summary\n\nThere is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2012-5783_](<https://vulners.com/cve/CVE-2012-5783>) \n**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/79984_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nJazz for Service Management version 1.1.0 - 1.1.3\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version | Affected Supporting Product Security Bulletin \n---|---|--- \nJazz for Service Management version 1.1.0 - 1.1.3 | Websphere Application Server Full Profile 8.5.5 | \n\n# [Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)](<http://www-01.ibm.com/support/docview.wss?uid=swg22016216>) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS iFix\n\n## ", "cvss3": {}, "published": "2018-11-28T12:00:02", "type": "ibm", "title": "Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped with Jazz for Service Management (CVE-2012-5783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2018-11-28T12:00:02", "id": "96B854658FB25B1C41C7953D07DFA40702863F7DF3DA2149F3BC57ED6B4B5CAA", "href": "https://www.ibm.com/support/pages/node/741903", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "gentoo": [{"lastseen": "2023-12-07T10:49:28", "description": "### Background\n\nThe Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to your servlets and web applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Commons FileUpload. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nGentoo has discontinued support for Apache Commons FileUpload. We recommend that users unmerge it: \n \n \n # emerge --ask --depclean \"dev-java/commons-fileupload\"\n \n\nNOTE: The Gentoo developer(s) maintaining Apache Commons FileUpload have discontinued support at this time. It may be possible that a new Gentoo developer will update Apache Commons FileUpload at a later date. We do not have a suggestion for a replacement at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-17T00:00:00", "type": "gentoo", "title": "Apache Commons FileUpload: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248", "CVE-2014-0050", "CVE-2016-3092"], "modified": "2021-07-17T00:00:00", "id": "GLSA-202107-39", "href": "https://security.gentoo.org/glsa/202107-39", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-11-22T15:08:38", "description": "The remote host is affected by the vulnerability described in GLSA-202107-39 (Apache Commons FileUpload: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Commons FileUpload. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-39 : Apache Commons FileUpload: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0248", "CVE-2014-0050", "CVE-2016-3092"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:commons-fileupload", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-39.NASL", "href": "https://www.tenable.com/plugins/nessus/156985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-39.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156985);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\"CVE-2013-0248\", \"CVE-2014-0050\", \"CVE-2016-3092\");\n script_xref(name:\"GLSA\", value:\"202107-39\");\n\n script_name(english:\"GLSA-202107-39 : Apache Commons FileUpload: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-39\n(Apache Commons FileUpload: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Commons\n FileUpload. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202107-39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Gentoo has discontinued support for Apache Commons FileUpload. We\n recommend that users unmerge it:\n # emerge --ask --depclean 'dev-java/commons-fileupload'\n NOTE: The Gentoo developer(s) maintaining Apache Commons FileUpload have\n discontinued support at this time. It may be possible that a new Gentoo\n developer will update Apache Commons FileUpload at a later date. We do\n not have a suggestion for a replacement at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-3092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/commons-fileupload\", unaffected:make_list(), vulnerable:make_list(\"le 1.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Commons FileUpload\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T13:05:17", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0758-1 advisory.\n\n - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. (CVE-2016-3092)\n\n - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : jakarta-commons-fileupload (SUSE-SU-2023:0758-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3092", "CVE-2023-24998"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload", "p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2023-0758-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172650", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0758-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172650);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2016-3092\", \"CVE-2023-24998\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0758-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : jakarta-commons-fileupload (SUSE-SU-2023:0758-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:0758-1 advisory.\n\n - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before\n 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote\n attackers to cause a denial of service (CPU consumption) via a long boundary string. (CVE-2016-3092)\n\n - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting\n in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note\n that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is\n not enabled by default and must be explicitly configured. (CVE-2023-24998)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/986359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-3092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-24998\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-March/014070.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7ad1437\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-fileupload and / or jakarta-commons-fileupload-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3092\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-24998\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'jakarta-commons-fileupload-1.1.1-122.8.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-122.8.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'jakarta-commons-fileupload-1.1.1-122.8.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-122.8.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'jakarta-commons-fileupload-1.1.1-122.8.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-122.8.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'jakarta-commons-fileupload-1.1.1-122.8.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-122.8.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'jakarta-commons-fileupload-1.1.1-122.8.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-122.8.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'jakarta-commons-fileupload-1.1.1-122.8.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-122.8.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T17:02:53", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0730-1 advisory.\n\n - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. (CVE-2016-3092)\n\n - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : jakarta-commons-fileupload (SUSE-SU-2023:0730-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3092", "CVE-2023-24998"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-0730-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172567", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0730-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172567);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2016-3092\", \"CVE-2023-24998\");\n script_xref(name:\"IAVA\", value:\"2018-A-0117-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0224-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0303-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0225-S\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0730-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : jakarta-commons-fileupload (SUSE-SU-2023:0730-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2023:0730-1 advisory.\n\n - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before\n 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote\n attackers to cause a denial of service (CPU consumption) via a long boundary string. (CVE-2016-3092)\n\n - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting\n in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note\n that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is\n not enabled by default and must be explicitly configured. (CVE-2023-24998)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/986359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-3092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-24998\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-March/014040.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f840f25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-fileupload and / or jakarta-commons-fileupload-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3092\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2023-24998\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'jakarta-commons-fileupload-1.1.1-150000.4.8.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'jakarta-commons-fileupload-1.1.1-150000.4.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'jakarta-commons-fileupload-1.1.1-150000.4.8.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-150000.4.8.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T15:45:23", "description": "The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability:\n\n - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_36_FILEUPLOAD.NASL", "href": "https://www.tenable.com/plugins/nessus/118732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118732);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_bugtraq_id(93604);\n script_xref(name:\"TRA\", value:\"TRA-2016-12\");\n script_xref(name:\"IAVA\", value:\"2018-A-0355-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.3.36\nor prior. It is, therefore, affected by the following vulnerability:\n\n - A deserialization vulnerability in Apache Commons \n FileUpload which could be leveraged for remote\n code execution. (CVE-2016-1000031)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed31d635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2016-12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.5.12 or later.\nAlternatively, apply the workaround referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{ \"min_version\" : \"2.3.0\", \"max_version\" : \"2.3.36\", \"fixed_version\":\"2.5.12\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T13:51:02", "description": "This update for jakarta-commons-fileupload fixes the following issue :\n\nSecurity issue fixed :\n\n - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jakarta-commons-fileupload", "p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1399.NASL", "href": "https://www.tenable.com/plugins/nessus/125212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1399.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125212);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"TRA\", value:\"TRA-2016-12\");\n\n script_name(english:\"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)\");\n script_summary(english:\"Check for the openSUSE-2019-1399 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jakarta-commons-fileupload fixes the following issue :\n\nSecurity issue fixed :\n\n - CVE-2016-1000031: Fixed remote execution (bsc#1128963,\n bsc#1128829).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-fileupload packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"jakarta-commons-fileupload-1.1.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"jakarta-commons-fileupload-javadoc-1.1.1-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T13:02:26", "description": "The version of Tomcat installed on the remote host is prior to 10.1.5. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.5_security-10 advisory.\n\n - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n (CVE-2023-24998)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-20T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.1.0.M1 < 10.1.5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-24998"], "modified": "2023-03-27T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_10_1_5.NASL", "href": "https://www.tenable.com/plugins/nessus/171663", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171663);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/27\");\n\n script_cve_id(\"CVE-2023-24998\");\n script_xref(name:\"IAVA\", value:\"2023-A-0112-S\");\n\n script_name(english:\"Apache Tomcat 10.1.0.M1 < 10.1.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 10.1.5. It is, therefore, affected by a vulnerability as\nreferenced in the fixed_in_apache_tomcat_10.1.5_security-10 advisory.\n\n - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting\n in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n (CVE-2023-24998)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7328001e\");\n # https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e233280e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 10.1.5 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-24998\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '10.1.5', min:'10.1.0.M1', severity:SECURITY_HOLE, granularity_regex: \"^10(\\.1)?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-03T13:35:06", "description": "The version of apache-commons-io installed on the remote host is prior to 2.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2059 advisory.\n\n - In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like //../foo, or \\\\..\\foo, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus limited path traversal), if the calling code would use the result to construct a path value. (CVE-2021-29425)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-06-05T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : apache-commons-io (ALAS-2023-2059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29425"], "modified": "2023-06-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:apache-commons-io", "p-cpe:/a:amazon:linux:apache-commons-io-javadoc", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-2059.NASL", "href": "https://www.tenable.com/plugins/nessus/176708", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-2059.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176708);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/06\");\n\n script_cve_id(\"CVE-2021-29425\");\n\n script_name(english:\"Amazon Linux 2 : apache-commons-io (ALAS-2023-2059)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of apache-commons-io installed on the remote host is prior to 2.4-12. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2023-2059 advisory.\n\n - In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input\n string, like //../foo, or \\\\..\\foo, the result would be the same value, thus possibly providing access\n to files in the parent directory, but not further above (thus limited path traversal), if the calling\n code would use the result to construct a path value. (CVE-2021-29425)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-2059.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-29425.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update apache-commons-io' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29425\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apache-commons-io\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apache-commons-io-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'apache-commons-io-2.4-12.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache-commons-io-javadoc-2.4-12.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-io / apache-commons-io-javadoc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-20T16:10:08", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2741 advisory.\n\n - In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like //../foo, or \\\\..\\foo, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus limited path traversal), if the calling code would use the result to construct a path value. (CVE-2021-29425)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-19T00:00:00", "type": "nessus", "title": "Debian DLA-2741-1 : commons-io - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29425"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcommons-io-java", "p-cpe:/a:debian:debian_linux:libcommons-io-java-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2741.NASL", "href": "https://www.tenable.com/plugins/nessus/152662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2741. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152662);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-29425\");\n\n script_name(english:\"Debian DLA-2741-1 : commons-io - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2741\nadvisory.\n\n - In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input\n string, like //../foo, or \\\\..\\foo, the result would be the same value, thus possibly providing access\n to files in the parent directory, but not further above (thus limited path traversal), if the calling\n code would use the result to construct a path value. (CVE-2021-29425)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/commons-io\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/commons-io\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the commons-io packages.\n\nFor Debian 9 stretch, this problem has been fixed in version 2.5-1+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29425\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-io-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-io-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libcommons-io-java', 'reference': '2.5-1+deb9u1'},\n {'release': '9.0', 'prefix': 'libcommons-io-java-doc', 'reference': '2.5-1+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcommons-io-java / libcommons-io-java-doc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:42:54", "description": "jakarta-commons-fileupload received a security fix :\n\n - A poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker could able to supply a serialized instance of the DiskFileItem class, which would be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process. (CVE-2013-2186)", "cvss3": {}, "published": "2013-11-13T00:00:00", "type": "nessus", "title": "SuSE 11.2 / 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Numbers 8445 / 8446)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload", "p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAKARTA-COMMONS-FILEUPLOAD-131017.NASL", "href": "https://www.tenable.com/plugins/nessus/70872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70872);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2186\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Numbers 8445 / 8446)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"jakarta-commons-fileupload received a security fix :\n\n - A poison null byte flaw was found in the implementation\n of the DiskFileItem class. A remote attacker could able\n to supply a serialized instance of the DiskFileItem\n class, which would be deserialized on a server, could\n use this flaw to write arbitrary content to any location\n on the server that is permitted by the user running the\n application server process. (CVE-2013-2186)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2186.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8445 / 8446 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"jakarta-commons-fileupload-1.1.1-1.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"jakarta-commons-fileupload-javadoc-1.1.1-1.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"jakarta-commons-fileupload-1.1.1-1.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"jakarta-commons-fileupload-javadoc-1.1.1-1.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:22:34", "description": "This update fixes a security vulnerability that caused jakarta-commons-httpclient not to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via andaarbitrary valid certificate (CVE-2012-5783).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-02-04T00:00:00", "type": "nessus", "title": "Fedora 18 : jakarta-commons-httpclient-3.1-12.fc18 (2013-1203)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jakarta-commons-httpclient", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-1203.NASL", "href": "https://www.tenable.com/plugins/nessus/64404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-1203.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64404);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5783\");\n script_xref(name:\"FEDORA\", value:\"2013-1203\");\n\n script_name(english:\"Fedora 18 : jakarta-commons-httpclient-3.1-12.fc18 (2013-1203)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security vulnerability that caused\njakarta-commons-httpclient not to verify that the server hostname\nmatches a domain name in the subject's Common Name (CN) or\nsubjectAltName field of the X.509 certificate, which allowed\nman-in-the-middle attackers to spoof SSL servers via andaarbitrary\nvalid certificate (CVE-2012-5783).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=873317\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/097836.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68b7d5d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-httpclient package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"jakarta-commons-httpclient-3.1-12.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:30:27", "description": "jakarta-commons-httpclient3 was updated to add SSL certificate hostname checking. (CVE-2012-5783)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jakarta-commons-httpclient3 (openSUSE-SU-2013:0354-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jakarta-commons-httpclient", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient-demo", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient-javadoc", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient-manual", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3-demo", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3-javadoc", "p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3-manual", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-161.NASL", "href": "https://www.tenable.com/plugins/nessus/74904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-161.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74904);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5783\");\n\n script_name(english:\"openSUSE Security Update : jakarta-commons-httpclient3 (openSUSE-SU-2013:0354-1)\");\n script_summary(english:\"Check for the openSUSE-2013-161 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"jakarta-commons-httpclient3 was updated to add SSL certificate\nhostname checking. (CVE-2012-5783)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-httpclient3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-httpclient3-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"jakarta-commons-httpclient3-3.0.1-313.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"jakarta-commons-httpclient3-demo-3.0.1-313.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"jakarta-commons-httpclient3-javadoc-3.0.1-313.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"jakarta-commons-httpclient3-manual-3.0.1-313.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"jakarta-commons-httpclient-3.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"jakarta-commons-httpclient-demo-3.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"jakarta-commons-httpclient-javadoc-3.1-2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"jakarta-commons-httpclient-manual-3.1-2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:22:59", "description": "An updated jakarta-commons-fileupload package that fixes one security issue is now available for Red Hat JBoss Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Apache Commons FileUpload component can be used to add a file upload capability to your applications.\n\nA flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. (CVE-2013-2186)\n\nWarning: Before applying the update, back up your existing Red Hat JBoss Enterprise Web Server installation (including all applications and configuration files).\n\nAll users of Red Hat JBoss Web Server 1.0.2 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to this updated package. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1428)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jakarta-commons-fileupload", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1428.NASL", "href": "https://www.tenable.com/plugins/nessus/78973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1428. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78973);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-2186\");\n script_bugtraq_id(63174);\n script_xref(name:\"RHSA\", value:\"2013:1428\");\n script_xref(name:\"TRA\", value:\"TRA-2016-23\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1428)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated jakarta-commons-fileupload package that fixes one security\nissue is now available for Red Hat JBoss Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Apache Commons FileUpload component can be used to add a file\nupload capability to your applications.\n\nA flaw was found in the way the DiskFileItem class handled NULL\ncharacters in file names. A remote attacker able to supply a\nserialized instance of the DiskFileItem class, which will be\ndeserialized on a server, could use this flaw to write arbitrary\ncontent to any location on the server that is accessible to the user\nrunning the application server process. (CVE-2013-2186)\n\nWarning: Before applying the update, back up your existing Red Hat\nJBoss Enterprise Web Server installation (including all applications\nand configuration files).\n\nAll users of Red Hat JBoss Web Server 1.0.2 on Red Hat Enterprise\nLinux 5 and 6 are advised to upgrade to this updated package. The\nJBoss server process must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-fileupload package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1428\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"jakarta-commons-fileupload-1.1.1-7.7.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jakarta-commons-fileupload-1.1.1-7.7.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-fileupload\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:45:23", "description": "It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.", "cvss3": {}, "published": "2013-12-24T00:00:00", "type": "nessus", "title": "Debian DSA-2827-1 : libcommons-fileupload-java - arbitrary file upload via deserialization", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcommons-fileupload-java", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2827.NASL", "href": "https://www.tenable.com/plugins/nessus/71618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2827. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71618);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2186\");\n script_bugtraq_id(63174);\n script_xref(name:\"DSA\", value:\"2827\");\n script_xref(name:\"TRA\", value:\"TRA-2016-23\");\n\n script_name(english:\"Debian DSA-2827-1 : libcommons-fileupload-java - arbitrary file upload via deserialization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to\nservlets and web applications, incorrectly handled file names with\nNULL bytes in serialized instances. A remote attacker able to supply a\nserialized instance of the DiskFileItem class, which will be\ndeserialized on a server, could use this flaw to write arbitrary\ncontent to any location on the server that is accessible to the user\nrunning the application server process.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libcommons-fileupload-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libcommons-fileupload-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libcommons-fileupload-java packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 1.2.2-1+deb6u1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-fileupload-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcommons-fileupload-java\", reference:\"1.2.2-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcommons-fileupload-java-doc\", reference:\"1.2.2-1+deb6u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcommons-fileupload-java\", reference:\"1.2.2-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcommons-fileupload-java-doc\", reference:\"1.2.2-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:32:14", "description": "	A remote attacker could supply a serialized instance of the DiskFileItem class, which would be deserialized on a server and write arbitrary content to any location on the server that is permitted by the user running the application server process.\nbnc#846174/CVE-2013-2186", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2013:1571-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jakarta-commons-fileupload", "p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-786.NASL", "href": "https://www.tenable.com/plugins/nessus/75174", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-786.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75174);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2186\");\n script_bugtraq_id(63174);\n script_xref(name:\"TRA\", value:\"TRA-2016-23\");\n\n script_name(english:\"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2013:1571-1)\");\n script_summary(english:\"Check for the openSUSE-2013-786 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"	A remote attacker could supply a serialized instance of the\nDiskFileItem class, which would be deserialized on a server and write\narbitrary content to any location on the server that is permitted by\nthe user running the application server process.\nbnc#846174/CVE-2013-2186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-fileupload packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"jakarta-commons-fileupload-1.1.1-112.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"jakarta-commons-fileupload-javadoc-1.1.1-112.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"jakarta-commons-fileupload-1.1.1-114.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"jakarta-commons-fileupload-javadoc-1.1.1-114.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:20:50", "description": "xalan-j2 was updated to ensure secure processing can't be circumvented (CVE-2014-0107).", "cvss3": {}, "published": "2014-07-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xalan-j2 (openSUSE-SU-2014:0861-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xalan-j2", "p-cpe:/a:novell:opensuse:xalan-j2-demo", "p-cpe:/a:novell:opensuse:xalan-j2-javadoc", "p-cpe:/a:novell:opensuse:xalan-j2-manual", "p-cpe:/a:novell:opensuse:xalan-j2-xsltc", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-445.NASL", "href": "https://www.tenable.com/plugins/nessus/76336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-445.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76336);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0107\");\n\n script_name(english:\"openSUSE Security Update : xalan-j2 (openSUSE-SU-2014:0861-1)\");\n script_summary(english:\"Check for the openSUSE-2014-445 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xalan-j2 was updated to ensure secure processing can't be circumvented\n(CVE-2014-0107).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-07/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xalan-j2-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xalan-j2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xalan-j2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xalan-j2-xsltc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xalan-j2-2.7.0-259.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xalan-j2-demo-2.7.0-259.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xalan-j2-javadoc-2.7.0-259.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xalan-j2-manual-2.7.0-259.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xalan-j2-xsltc-2.7.0-259.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xalan-j2-2.7.0-262.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xalan-j2-demo-2.7.0-262.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xalan-j2-manual-2.7.0-262.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xalan-j2-xsltc-2.7.0-262.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:48:19", "description": "The version Oracle WebCenter Sites installed on the remote host is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by a security bypass vulnerability in the Apache Xalan-Java library due to a failure to properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. A remote attacker can exploit this to bypass restrictions and load arbitrary classes or access external resources.", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "nessus", "title": "Oracle WebCenter Sites Apache Xalan-Java Library Security Bypass (January 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_WEBCENTER_SITES_JAN_2016_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/88044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88044);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n\n script_name(english:\"Oracle WebCenter Sites Apache Xalan-Java Library Security Bypass (January 2016 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The website content management system installed on the remote host is\naffected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version Oracle WebCenter Sites installed on the remote host is\nmissing a security patch from the January 2016 Critical Patch Update\n(CPU). It is, therefore, affected by a security bypass vulnerability\nin the Apache Xalan-Java library due to a failure to properly restrict\naccess to certain properties when FEATURE_SECURE_PROCESSING is\nenabled. A remote attacker can exploit this to bypass restrictions and\nload arbitrary classes or access external resources.\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf53dcd7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_webcenter_sites_installed.nbin\");\n script_require_keys(\"SMB/WebCenter_Sites/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nport = kb_smb_transport();\n\nget_kb_item_or_exit('SMB/WebCenter_Sites/Installed');\n\nversions = get_kb_list('SMB/WebCenter_Sites/*/Version');\nif (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');\n\nreport = '';\n\nforeach key (keys(versions))\n{\n fix = '';\n\n version = versions[key];\n revision = get_kb_item(key - '/Version' + '/Revision');\n path = get_kb_item(key - '/Version' + '/Path');\n\n if (isnull(version) || isnull(revision)) continue;\n\n # Patch 22174981 - 11.1.1.8.0 < Revision 180102\n if (version =~ \"^11\\.1\\.1\\.8\\.0$\" && revision < 180102)\n fix = '\\n Fixed revision : 180102' +\n '\\n Required patch : 22174981';\n\n # Patch 21834997 - 7.6.2 < Revision 179663\n if (version =~ \"^7\\.6\\.2(\\.|$)\" && revision < 179663)\n fix = '\\n Fixed revision : 179663' +\n '\\n Required patch : 21834997';\n\n if (fix != '')\n {\n if (!isnull(path)) report += '\\n Path : ' + path;\n report += '\\n Version : ' + version +\n '\\n Revision : ' + revision +\n fix + '\\n';\n }\n}\n\nif (report != '')\n{\n if (report_verbosity > 0) security_hole(port:port, extra:report);\n else security_hole(port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Oracle WebCenter Sites\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:26:56", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.2.2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.2 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-05-01T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss EAP (RHSA-2014:0453)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xalan-j2-eap6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0453.NASL", "href": "https://www.tenable.com/plugins/nessus/73796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0453. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73796);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"RHSA\", value:\"2014:0453\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss EAP (RHSA-2014:0453)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.2.2 packages\nthat fix one security issue are now available for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.2 on\nRed Hat Enterprise Linux 5 and 6 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0107\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2-eap6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0453\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"xalan-j2-eap6-\") || rpm_exists(release:\"RHEL6\", rpm:\"xalan-j2-eap6-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"xalan-j2-eap6-2.7.1-9.redhat_7.1.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-eap6-2.7.1-9.redhat_7.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2-eap6\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:26:44", "description": "This update fixes a remote code execution security vulnerability (CVE-2014-0107).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-04-07T00:00:00", "type": "nessus", "title": "Fedora 19 : xalan-j2-2.7.1-22.fc19 (2014-4426)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xalan-j2", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-4426.NASL", "href": "https://www.tenable.com/plugins/nessus/73356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4426.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73356);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"FEDORA\", value:\"2014-4426\");\n\n script_name(english:\"Fedora 19 : xalan-j2-2.7.1-22.fc19 (2014-4426)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a remote code execution security vulnerability\n(CVE-2014-0107).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1080248\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5382a6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"xalan-j2-2.7.1-22.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:42:25", "description": "It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-11-13T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : libcommons-fileupload-java vulnerability (USN-2029-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libcommons-fileupload-java", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-2029-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70876", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2029-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70876);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-2186\");\n script_bugtraq_id(63174);\n script_xref(name:\"TRA\", value:\"TRA-2016-23\");\n script_xref(name:\"USN\", value:\"2029-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : libcommons-fileupload-java vulnerability (USN-2029-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Apache Commons FileUpload incorrectly handled\nfile names with NULL bytes in serialized instances. An attacker could\nuse this issue to possibly write to arbitrary files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2029-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libcommons-fileupload-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcommons-fileupload-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcommons-fileupload-java\", pkgver:\"1.2.1-3ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcommons-fileupload-java\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:06:14", "description": "From Red Hat Security Advisory 2014:0348 :\n\nUpdated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-04-02T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : xalan-j2 (ELSA-2014-0348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xalan-j2", "p-cpe:/a:oracle:linux:xalan-j2-demo", "p-cpe:/a:oracle:linux:xalan-j2-javadoc", "p-cpe:/a:oracle:linux:xalan-j2-manual", "p-cpe:/a:oracle:linux:xalan-j2-xsltc", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0348.NASL", "href": "https://www.tenable.com/plugins/nessus/73294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0348 and \n# Oracle Linux Security Advisory ELSA-2014-0348 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73294);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"RHSA\", value:\"2014:0348\");\n\n script_name(english:\"Oracle Linux 5 / 6 : xalan-j2 (ELSA-2014-0348)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0348 :\n\nUpdated xalan-j2 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into\nHTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004057.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004058.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xalan-j2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xalan-j2-xsltc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-demo-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-javadoc-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-manual-2.7.0-9.9.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xalan-j2-xsltc-2.7.0-9.9.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2 / xalan-j2-demo / xalan-j2-javadoc / xalan-j2-manual / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:20:52", "description": "xalan-j2 has been updated to ensure that secure processing can't be circumvented. (CVE-2014-0107)", "cvss3": {}, "published": "2014-07-05T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : xalan-j2 (SAT Patch Number 9426)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:xalan-j2", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_XALAN-J2-140623.NASL", "href": "https://www.tenable.com/plugins/nessus/76373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76373);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0107\");\n\n script_name(english:\"SuSE 11.3 Security Update : xalan-j2 (SAT Patch Number 9426)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xalan-j2 has been updated to ensure that secure processing can't be\ncircumvented. (CVE-2014-0107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9426.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xalan-j2-2.7.0-217.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xalan-j2-2.7.0-217.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"xalan-j2-2.7.0-217.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:26:16", "description": "Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2014-04-02T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : xalan-j2 (RHSA-2014:0348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xalan-j2", "p-cpe:/a:redhat:enterprise_linux:xalan-j2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xalan-j2-demo", "p-cpe:/a:redhat:enterprise_linux:xalan-j2-javadoc", "p-cpe:/a:redhat:enterprise_linux:xalan-j2-manual", "p-cpe:/a:redhat:enterprise_linux:xalan-j2-xsltc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0348.NASL", "href": "https://www.tenable.com/plugins/nessus/73295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0348. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73295);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0107\");\n script_bugtraq_id(66397);\n script_xref(name:\"RHSA\", value:\"2014:0348\");\n\n script_name(english:\"RHEL 5 / 6 : xalan-j2 (RHSA-2014:0348)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xalan-j2 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nXalan-Java is an XSLT processor for transforming XML documents into\nHTML, text, or other XML document types.\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of\nthe secure processing feature. Depending on the components available\nin the classpath, this could lead to arbitrary remote code execution\nin the context of the application server running the application that\nuses Xalan-Java. (CVE-2014-0107)\n\nAll xalan-j2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0107\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xalan-j2-xsltc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0348\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xalan-j2-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xalan-j2-debuginfo-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xalan-j2-debuginfo-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xalan-j2-debuginfo-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xalan-j2-demo-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xalan-j2-javadoc-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xalan-j2-manual-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xalan-j2-xsltc-2.7.0-6jpp.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-2.7.0-9.9.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-demo-2.7.0-9.9.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-javadoc-2.7.0-9.9.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-manual-2.7.0-9.9.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"xalan-j2-xsltc-2.7.0-9.9.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xalan-j2 / xalan-j2-debuginfo / xalan-j2-demo / xalan-j2-javadoc / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-20T15:41:30", "description": "The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15, 8.5.0.x prior to 8.5.5.13 or 9.0.x prior to 9.0.0.7. It is, therefore, affected by a remote code execution vulnerability due to improper deserialization of untrusted data in the DiskFileItem class of the FileUpload library in the Apache Commons FileUpload subcomponent. An unauthenticated, remote attacker can exploit this to execute arbitrary code under the context of the current process.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_301027.NASL", "href": "https://www.tenable.com/plugins/nessus/141564", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141564);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15, 8.5.0.x prior to\n8.5.5.13 or 9.0.x prior to 9.0.0.7. It is, therefore, affected by a remote code execution vulnerability due to improper\ndeserialization of untrusted data in the DiskFileItem class of the FileUpload library in the Apache Commons FileUpload\nsubcomponent. An unauthenticated, remote attacker can exploit this to execute arbitrary code under the context of the\ncurrent process.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/301027\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.0.0.15, 8.5.5.13, 9.0.0.7, or later. Alternatively, upgrade to the\nminimal fix pack levels required by the interim fix and then apply Interim Fix PI90804.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PI90804';\n\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PI90804' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.14', 'fixed_version':'8.0.0.15 or ' + fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.12', 'fixed_version':'8.5.5.13 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.0.6', 'fixed_version':'9.0.0.7 or ' + fix}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:56:48", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14044-1 advisory.\n\n - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : jakarta-commons-fileupload (SUSE-SU-2019:14044-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload", "p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14044-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150613", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14044-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150613);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14044-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0328\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : jakarta-commons-fileupload (SUSE-SU-2019:14044-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2019:14044-1 advisory.\n\n - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution\n (CVE-2016-1000031)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1128829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1128963\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914044-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abc15cef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-1000031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-fileupload and / or jakarta-commons-fileupload-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'jakarta-commons-fileupload-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'jakarta-commons-fileupload-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:08:45", "description": "Apache Axis2 reports :\n\nThe commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 (AXIS2-5853).", "cvss3": {}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:axis2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "href": "https://www.tenable.com/plugins/nessus/102280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102280);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"TRA\", value:\"TRA-2016-12\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Apache Axis2 reports :\n\nThe commons-fileupload dependency has been updated to a version that\nfixes CVE-2016-1000031 (AXIS2-5853).\");\n script_set_attribute(attribute:\"see_also\", value:\"http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.apache.org/jira/browse/AXIS2-5853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.apache.org/jira/browse/FILEUPLOAD-279\");\n # https://vuxml.freebsd.org/freebsd/c1265e85-7c95-11e7-93af-005056925db4.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d63db941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2016-12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axis2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axis2<1.7.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:18:44", "description": "https://vulners.com/cve/CVE-2012-5783 https://vulners.com/cve/CVE-2012-5783 Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.", "cvss3": {}, "published": "2023-04-18T00:00:00", "type": "nessus", "title": "AIX 7.3 TL 0 : commonshttp (IJ45224)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2023-11-16T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.3"], "id": "AIX_IJ45224.NASL", "href": "https://www.tenable.com/plugins/nessus/174446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory commonshttp_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(174446);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/16\");\n\n script_cve_id(\"CVE-2012-5783\");\n\n script_name(english:\"AIX 7.3 TL 0 : commonshttp (IJ45224)\");\n script_summary(english:\"Check for APAR IJ45224\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783 Apache\nCommons HttpClient, as used in Amazon Flexible Payments Service (FPS)\nmerchant Java SDK and other products, could allow a remote attacker to\nconduct spoofing attacks, caused by the failure to verify that the\nserver hostname matches a domain name in the subject's Common Name\n(CN) field of the X.509 certificate. By persuading a victim to visit a\nWeb site containing a specially-crafted certificate, an attacker could\nexploit this vulnerability using man-in-the-middle techniques to spoof\nan SSL server.\"\n );\n # https://aix.software.ibm.com/aix/efixes/security/commonshttp_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f4c6751\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5783\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.3\", ml:\"00\", sp:\"01\", patch:\"IJ45224s2a\", package:\"bos.ecc_client.rte\", minfilesetver:\"7.3.0.0\", maxfilesetver:\"7.3.0.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.3\", ml:\"00\", sp:\"02\", patch:\"IJ45224s2a\", package:\"bos.ecc_client.rte\", minfilesetver:\"7.3.0.0\", maxfilesetver:\"7.3.0.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.3\", ml:\"00\", sp:\"03\", patch:\"IJ45224s2a\", package:\"bos.ecc_client.rte\", minfilesetver:\"7.3.0.0\", maxfilesetver:\"7.3.0.1\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T16:51:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852501", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852501\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2016-1000031\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:34 +0000 (Thu, 16 May 2019)\");\n script_name(\"openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1399-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jakarta-commons-fileupload'\n package(s) announced via the openSUSE-SU-2019:1399-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for jakarta-commons-fileupload fixes the following issue:\n\n Security issue fixed:\n\n - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1399=1\");\n\n script_tag(name:\"affected\", value:\"'jakarta-commons-fileupload' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-fileupload\", rpm:\"jakarta-commons-fileupload~1.1.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-fileupload-javadoc\", rpm:\"jakarta-commons-fileupload-javadoc~1.1.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:27", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote\nCode Execution. Apache Struts version 2.3.36 and prior contain the affected Commons FileUpload library.", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Apache Struts <= 2.3.36 commons-fileupload RCE Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310141668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141668", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Struts <= 2.3.36 commons-fileupload RCE Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141668\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 13:09:14 +0700 (Thu, 08 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2016-1000031\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Struts <= 2.3.36 commons-fileupload RCE Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\");\n script_mandatory_keys(\"ApacheStruts/installed\");\n\n script_tag(name:\"summary\", value:\"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote\nCode Execution. Apache Struts version 2.3.36 and prior contain the affected Commons FileUpload library.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts 2.3.36 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to Struts version 2.5.12 or later or update the Commons FileUpload\nlibrary manually to version 1.3.3.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE)) exit(0);\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less_equal(version: version, test_version: \"2.3.36\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.5.12\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:08", "description": "Oracle Linux Local Security Checks ELSA-2013-0270", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0270", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0270.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123724\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:41 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0270\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0270 - jakarta-commons-httpclient security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0270\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0270.html\");\n script_cve_id(\"CVE-2012-5783\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient\", rpm:\"jakarta-commons-httpclient~3.1~0.7.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-demo\", rpm:\"jakarta-commons-httpclient-demo~3.1~0.7.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-javadoc\", rpm:\"jakarta-commons-httpclient-javadoc~3.1~0.7.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-manual\", rpm:\"jakarta-commons-httpclient-manual~3.1~0.7.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:46", "description": "It was discovered that Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to servlets\nand web applications, incorrectly handled file names with NULL bytes in\nserialized instances. A remote attacker able to supply a serialized\ninstance of the DiskFileItem class, which will be deserialized on a\nserver, could use this flaw to write arbitrary content to any location\non the server that is accessible to the user running the application\nserver process.", "cvss3": {}, "published": "2013-12-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2827-1 (libcommons-fileupload-java - arbitrary file upload via deserialization)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:702827", "href": "http://plugins.openvas.org/nasl.php?oid=702827", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2827.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2827-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"libcommons-fileupload-java on Debian Linux\";\ntag_insight = \"The Commons FileUpload package makes it easy to add robust, high-performance,\nfile upload capability to your servlets and web applications.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.3-2.1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3-2.1.\n\nWe recommend that you upgrade your libcommons-fileupload-java packages.\";\ntag_summary = \"It was discovered that Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to servlets\nand web applications, incorrectly handled file names with NULL bytes in\nserialized instances. A remote attacker able to supply a serialized\ninstance of the DiskFileItem class, which will be deserialized on a\nserver, could use this flaw to write arbitrary content to any location\non the server that is accessible to the user running the application\nserver process.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702827);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-2186\");\n script_name(\"Debian Security Advisory DSA 2827-1 (libcommons-fileupload-java - arbitrary file upload via deserialization)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-12-24 00:00:00 +0100 (Tue, 24 Dec 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2827.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for libcommons-fileupload-java USN-2029-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2186"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841621", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2029_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libcommons-fileupload-java USN-2029-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841621\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 16:00:35 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-2186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for libcommons-fileupload-java USN-2029-1\");\n\n script_tag(name:\"affected\", value:\"libcommons-fileupload-java on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that Apache Commons FileUpload incorrectly\nhandled file names with NULL bytes in serialized instances. An attacker could\nuse this issue to possibly write to arbitrary files.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2029-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2029-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libcommons-fileupload-java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.1-3ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:23", "description": "Check for the Version of xalan-j2", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "openvas", "title": "Fedora Update for xalan-j2 FEDORA-2014-4443", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867670", "href": "http://plugins.openvas.org/nasl.php?oid=867670", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xalan-j2 FEDORA-2014-4443\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867670);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:17:18 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xalan-j2 FEDORA-2014-4443\");\n\n tag_insight = \"Xalan is an XSLT processor for transforming XML documents into HTML,\ntext, or other XML document types. It implements the W3C Recommendations\nfor XSL Transformations (XSLT) and the XML Path Language (XPath). It can\nbe used from the command line, in an applet or a servlet, or as a module\nin other program.\n\";\n\n tag_affected = \"xalan-j2 on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4443\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131158.html\");\n script_summary(\"Check for the Version of xalan-j2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.1~22.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:31", "description": "Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,\na Java library for XSLT processing. Crafted XSLT programs could\naccess system properties or load arbitrary classes, resulting in\ninformation disclosure and, potentially, arbitrary code execution.", "cvss3": {}, "published": "2014-03-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2886-1 (libxalan2-java - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702886", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702886", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2886.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2886-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702886\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0107\");\n script_name(\"Debian Security Advisory DSA 2886-1 (libxalan2-java - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-26 00:00:00 +0100 (Wed, 26 Mar 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2886.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"libxalan2-java on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-5+deb6u1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.1-7+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.1-9.\n\nWe recommend that you upgrade your libxalan2-java packages.\");\n script_tag(name:\"summary\", value:\"Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,\na Java library for XSLT processing. Crafted XSLT programs could\naccess system properties or load arbitrary classes, resulting in\ninformation disclosure and, potentially, arbitrary code execution.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxalan2-java\", ver:\"2.7.1-5+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxalan2-java-doc\", ver:\"2.7.1-5+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxalan2-java-gcj\", ver:\"2.7.1-5+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxsltc-java\", ver:\"2.7.1-5+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxsltc-java-gcj\", ver:\"2.7.1-5+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxalan2-java\", ver:\"2.7.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxalan2-java-doc\", ver:\"2.7.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxsltc-java\", ver:\"2.7.1-7+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "openvas", "title": "Fedora Update for xalan-j2 FEDORA-2014-4426", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0107"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867674", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xalan-j2 FEDORA-2014-4426\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867674\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:26:04 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-0107\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xalan-j2 FEDORA-2014-4426\");\n script_tag(name:\"affected\", value:\"xalan-j2 on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4426\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131146.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xalan-j2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"xalan-j2\", rpm:\"xalan-j2~2.7.1~22.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:52:00", "description": "Check for the Version of jakarta-commons-httpclient", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870917", "href": "http://plugins.openvas.org/nasl.php?oid=870917", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Jakarta Commons HttpClient component can be used to build HTTP-aware\n client applications (such as web browsers and web service clients).\n\n The Jakarta Commons HttpClient component did not verify that the server\n hostname matched the domain name in the subject's Common Name (CN) or\n subjectAltName field in X.509 certificates. This could allow a\n man-in-the-middle attacker to spoof an SSL server if they had a certificate\n that was valid for any domain name. (CVE-2012-5783)\n\n All users of jakarta-commons-httpclient are advised to upgrade to these\n updated packages, which correct this issue. Applications using the Jakarta\n Commons HttpClient component must be restarted for this update to take\n effect.\";\n\n\ntag_affected = \"jakarta-commons-httpclient on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00031.html\");\n script_id(870917);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:01:34 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-5783\");\n script_bugtraq_id(58073);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0270-01\");\n script_name(\"RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01\");\n\n script_summary(\"Check for the Version of jakarta-commons-httpclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient\", rpm:\"jakarta-commons-httpclient~3.1~0.7.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-debuginfo\", rpm:\"jakarta-commons-httpclient-debuginfo~3.1~0.7.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient\", rpm:\"jakarta-commons-httpclient~3.0~7jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-debuginfo\", rpm:\"jakarta-commons-httpclient-debuginfo~3.0~7jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-demo\", rpm:\"jakarta-commons-httpclient-demo~3.0~7jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-javadoc\", rpm:\"jakarta-commons-httpclient-javadoc~3.0~7jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jakarta-commons-httpclient-manual\", rpm:\"jakarta-commons-httpclient-manual~3.0~7jpp.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "prion": [{"lastseen": "2023-11-22T03:25:00", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 5.9}, "published": "2016-10-25T14:29:00", "type": "prion", "title": "Remote code execution", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2023-11-07T02:29:00", "id": "PRION:CVE-2016-1000031", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-1000031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T04:41:45", "description": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "cvss3": {}, "published": "2012-11-04T22:55:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2021-04-23T17:28:00", "id": "PRION:CVE-2012-5783", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2012-5783", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-22T04:18:03", "description": "The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.", "cvss3": {}, "published": "2013-03-15T20:55:00", "type": "prion", "title": "Default configuration", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248"], "modified": "2021-07-17T08:15:00", "id": "PRION:CVE-2013-0248", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2013-0248", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "osv": [{"lastseen": "2023-04-11T01:49:59", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T17:51:51", "type": "osv", "title": "Improper Access Control in commons-fileupload", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2023-04-11T01:49:51", "id": "OSV:GHSA-7X9J-7223-RG5M", "href": "https://osv.dev/vulnerability/GHSA-7x9j-7223-rg5m", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:15:12", "description": "\nLukas Euler discovered a path traversal vulnerability in commons-io, a Java\nlibrary for common useful IO related classes. When invoking the method\nFileNameUtils.normalize with an improper input string, like \"//../foo\", or\n\"\\\\..\\foo\", the result would be the same value, thus possibly providing access\nto files in the parent directory, but not further above (thus limited path\ntraversal), if the calling code would use the result to construct a path value.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.5-1+deb9u1.\n\n\nWe recommend that you upgrade your commons-io packages.\n\n\nFor the detailed security status of commons-io please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/commons-io>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2021-08-12T00:00:00", "type": "osv", "title": "commons-io - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2022-07-21T05:53:50", "id": "OSV:DLA-2741-1", "href": "https://osv.dev/vulnerability/DLA-2741-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-04-11T01:38:28", "description": "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.", "cvss3": {}, "published": "2022-05-14T03:52:43", "type": "osv", "title": "Arbitrary file write in Apache Commons Fileupload", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2186"], "modified": "2023-04-11T01:38:24", "id": "OSV:GHSA-QX6H-9567-5FQW", "href": "https://osv.dev/vulnerability/GHSA-qx6h-9567-5fqw", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:16:38", "description": "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.", "cvss3": {}, "published": "2022-05-13T01:05:38", "type": "osv", "title": "Improper Authorization in Apache Xalan-Java", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107"], "modified": "2023-04-11T01:16:34", "id": "OSV:GHSA-RC2W-R4JQ-7PFX", "href": "https://osv.dev/vulnerability/GHSA-rc2w-r4jq-7pfx", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2023-12-06T22:56:35", "description": "The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Fisheye was using a vulnerable version of this library, although not the DiskFileItem class. Fisheye has been updated to use the safe version of the Apache Commons FileUpload library.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-14T22:03:17", "type": "atlassian", "title": "Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-05-30T15:11:30", "id": "FE-7164", "href": "https://jira.atlassian.com/browse/FE-7164", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:40:40", "description": "The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Fisheye was using a vulnerable version of this library, although not the DiskFileItem class. Fisheye has been updated to use the safe version of the Apache Commons FileUpload library.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-14T22:03:17", "type": "atlassian", "title": "Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-05-30T15:11:30", "id": "ATLASSIAN:FE-7164", "href": "https://jira.atlassian.com/browse/FE-7164", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:40:48", "description": "The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031.\u00a0\u00a0Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class.\u00a0\u00a0Crucible has been updated to use the safe version of the Apache Commons FileUpload library.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-14T21:59:23", "type": "atlassian", "title": "Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-02-20T01:04:42", "id": "ATLASSIAN:CRUC-8382", "href": "https://jira.atlassian.com/browse/CRUC-8382", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T23:02:00", "description": "The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031.\u00a0\u00a0Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class.\u00a0\u00a0Crucible has been updated to use the safe version of the Apache Commons FileUpload library.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-14T21:59:23", "type": "atlassian", "title": "Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-02-20T01:04:42", "id": "CRUC-8382", "href": "https://jira.atlassian.com/browse/CRUC-8382", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-06T15:47:19", "description": "\n\nApache Axis2 reports:\n\nThe commons-fileupload dependency has been updated to a version that fixes\n\t CVE-2016-1000031 (AXIS2-5853).\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-14T00:00:00", "type": "freebsd", "title": "Axis2 -- Security vulnerability on dependency Apache Commons FileUpload", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2016-11-14T00:00:00", "id": "C1265E85-7C95-11E7-93AF-005056925DB4", "href": "https://vuxml.freebsd.org/freebsd/c1265e85-7c95-11e7-93af-005056925db4.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2023-12-06T23:29:50", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T17:51:51", "type": "github", "title": "Improper Access Control in commons-fileupload", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2023-02-01T05:03:59", "id": "GHSA-7X9J-7223-RG5M", "href": "https://github.com/advisories/GHSA-7x9j-7223-rg5m", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:29:48", "description": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-04-26T16:04:00", "type": "github", "title": "Path Traversal and Improper Input Validation in Apache Commons IO", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2023-01-27T05:02:27", "id": "GHSA-GWRP-PVRQ-JMWV", "href": "https://github.com/advisories/GHSA-gwrp-pvrq-jmwv", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T17:28:39", "description": "The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.", "cvss3": {}, "published": "2022-05-05T02:48:41", "type": "github", "title": "Incorrect Default Permissions in Apache Commons FileUpload", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248"], "modified": "2023-01-27T05:02:04", "id": "GHSA-VM69-474V-7Q2W", "href": "https://github.com/advisories/GHSA-vm69-474v-7q2w", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-06T14:08:42", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-25T14:29:00", "type": "cve", "title": "CVE-2016-1000031", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2023-11-07T02:29:00", "cpe": ["cpe:/a:apache:commons_fileupload:1.3.2"], "id": "CVE-2016-1000031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:commons_fileupload:1.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:17:06", "description": "The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.", "cvss3": {}, "published": "2013-03-15T20:55:00", "type": "cve", "title": "CVE-2013-0248", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248"], "modified": "2021-07-17T08:15:00", "cpe": ["cpe:/a:apache:commons_fileupload:1.2.1", "cpe:/a:apache:commons_fileupload:1.0", "cpe:/a:apache:commons_fileupload:1.1", "cpe:/a:apache:commons_fileupload:1.2.2", "cpe:/a:apache:commons_fileupload:1.1.1", "cpe:/a:apache:commons_fileupload:1.2"], "id": "CVE-2013-0248", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0248", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:33:49", "description": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "cvss3": {}, "published": "2012-11-04T22:55:00", "type": "cve", "title": "CVE-2012-5783", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783"], "modified": "2021-04-23T17:28:00", "cpe": ["cpe:/a:apache:httpclient:3.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2012-5783", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5783", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"]}], "f5": [{"lastseen": "2023-10-15T01:26:40", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution ([CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>))\n\nImpact\n\nRemote attackers can run arbitrary code on the vulnerable device.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-02T21:29:00", "type": "f5", "title": "Apache Commons FileUpload vulnerability CVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-04-02T21:29:00", "id": "F5:K25206238", "href": "https://support.f5.com/csp/article/K25206238", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T18:23:31", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable*| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable*| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable*| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable*****| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable*| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable*| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable*| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*****F5 Product Development has determined that the BIG-IP and Enterprise Manager versions ship the vulnerable software component. However, these products do not implement the software component in a way that exposes this issue.\n\nNone\n\n * K9970: Subscribing to email notifications regarding F5 products\n * K9957: Creating a custom RSS feed to view new and updated documents\n * K4602: Overview of the F5 security vulnerability response policy\n * K4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2016-01-21T21:28:00", "type": "f5", "title": " Apache Commons FileUpload vulnerability CVE-2013-2186", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2186"], "modified": "2017-07-24T17:30:00", "id": "F5:K63443590", "href": "https://support.f5.com/csp/article/K63443590", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:59", "description": "Recommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2014-09-15T00:00:00", "type": "f5", "title": "SOL15595 - Apache Xalan-Java vulnerability CVE-2014-0107", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107"], "modified": "2014-09-15T00:00:00", "id": "SOL15595", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15595.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:24", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "f5", "title": "SOL63443590 - Apache Commons FileUpload vulnerability CVE-2013-2186", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2186"], "modified": "2016-01-21T00:00:00", "id": "SOL63443590", "href": "http://support.f5.com/kb/en-us/solutions/public/k/63/sol63443590.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debiancve": [{"lastseen": "2023-12-06T22:25:17", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-25T14:29:00", "type": "debiancve", "title": "CVE-2016-1000031", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2016-10-25T14:29:00", "id": "DEBIANCVE:CVE-2016-1000031", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1000031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vaadin": [{"lastseen": "2023-06-22T18:17:32", "description": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. See CWE-770: Allocation of Resources Without Limits or Throttling Affected products and mitigation Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Mitigation Vaadin 10.0.0 - 10.0.21 Upgrade to 10.0.22 (Vaadin extended maintenance starting from June 2023) Vaadin 11.0.0 - 14.9.6 Upgrade to 14.9.7 or newer Vaadin 15.0.0 - 22.0.28 Upgrade to 22.1.0 (Vaadin extended maintenance starting from March 2023) Vaadin 23.0.0 - 23.3.7 Upgrade to 23.3.8 or newer Please note that Vaadin versions 11-13 and 15-22.0 are no longer supported and you should update either to the latest 14, 22.1, 23, 24 version. Artifacts Maven coordinates Vulnerable version Fixed version com.vaadin:flow-server 1.0.0 - 1.0.17 \u22651.0.18 com.vaadin:flow-server 1.1.0 - 2.8.5 \u22652.8.6 com.vaadin:flow-server 3.0.0 - 9.0.26 \u22659.1.0 com.vaadin:flow-server 23.0.0 - 23.3.4 \u226523.3.5 com.vaadin:flow-server 24.0.0.alpha1 - 24.0.rc3 \u226524.0.0 References Original CVE: nvd.nist.gov/vuln/detail/CVE-2023-24998 Vendor advisory: lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy", "cvss3": {}, "published": "2023-06-22T00:00:00", "type": "vaadin", "title": "Apache Commons FileUpload - DoS with excessive parts", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2023-24998"], "modified": "2023-06-22T00:00:00", "id": "VAADIN:ADVISORY-2023-04-19", "href": "https://vaadin.com/security/2023-04-19", "cvss": {"score": 0.0, "vector": "NONE"}}], "tomcat": [{"lastseen": "2023-11-12T13:59:38", "description": "**Important: Apache Tomcat denial of service** [CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>)\n\nApache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload vulnerability [CVE-2023-24998](<https://vulners.com/cve/CVE-2023-24998>) as there was no limit to the number of request parts processed. This resulted in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\nThis was fixed with commit [8a2285f1](<https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce>).\n\nThis issue was reported to the Apache Tomcat Security team on 11 December 2022. The issue was made public on 20 February 2023.\n\nAffects: 10.1.0-M1 to 10.1.4", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-13T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 10.1.5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-01-13T00:00:00", "id": "TOMCAT:1EF4CC5C7BF503712F41C55DB6D80BA3", "href": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cgr": [{"lastseen": "2023-12-08T05:14:22", "description": "Vulnerabilities for packages: jenkins", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-12-08T05:14:22", "type": "cgr", "title": "CVE-2023-24998 vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-24998"], "modified": "2023-12-08T05:14:22", "id": "CHAINGUARD:CVE-2023-24998", "href": "https://packages.cgr.dev/chainguard/security.json", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:30:06", "description": "commons-io is vulnerable to directory traversal. Invoking the method `FileNameUtils.normalize` with a malicious input string would potentially allow access to files within the parent directory.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2021-04-13T06:39:15", "type": "veracode", "title": "Directory Traversal", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29425"], "modified": "2022-07-25T21:04:48", "id": "VERACODE:29972", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29972/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-04-18T13:23:57", "description": "The DiskFileItem class in Apache Commons FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name when it is deserialized. This vulnerability first requires the application using this library to be deserializing untrusted data.\n", "cvss3": {}, "published": "2019-01-15T09:00:40", "type": "veracode", "title": "Arbitrary File Write With Null Byte In File Name", "bulletinFamily": "