Lucene search

K

Veracode Vulnerability DatabaseVERACODE:29789

HistoryMar 23, 2021 - 6:40 a.m.

Remote Code Execution

2021-03-2306:40:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

xstream is vulnerable to remote code execution. A remote attacker with sufficient rights is able to execute arbitrary code by manipulating the processed input stream.

CPENameOperatorVersion
xstream corele1.4.15
libxstream-java:stretcheq1.4.9-2
libxstream-java:sideq1.4.14-1
libxstream-java:bullseyeeq1.4.14-1
xstreameq1.3.1__12.el7_9
xstreameq1.3.1__10.el7
libxstream-java:hirsuteeq1.4.14-1
libxstream-java:bioniceq1.4.10-1
libxstream-java:bioniceq1.4.11.1-1~18.04
libxstream-java:develeq1.4.11.1-2

Rows per page:

1-10 of 261

References

x-stream.github.io/changes.html#1.4.16

github.com/advisories/GHSA-hwpc-8xqv-jvj4

github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4

lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E

lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E

lists.debian.org/debian-lts-announce/2021/04/msg00002.html

lists.fedoraproject.org/archives/list/[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/

lists.fedoraproject.org/archives/list/[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/

lists.fedoraproject.org/archives/list/[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

security.netapp.com/advisory/ntap-20210430-0002/

www.debian.org/security/2021/dsa-5004

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpuoct2021.html

x-stream.github.io/CVE-2021-21345.html

x-stream.github.io/security.html#workaround

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Related for VERACODE:29789

osv4 redhatcve1 github1 ubuntucve1 debiancve1 nuclei1 prion1 cve1 nessus13 oraclelinux1 openvas10 redhat7 centos1 amazon1 debian4 ibm10 suse2 mageia1 ubuntu1 fedora3 oracle3