CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/104222	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041888	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041896	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2413	Patch Third Party Advisory
https://pivotal.io/security/cve-2018-1258	Vendor Advisory
https://security.netapp.com/advisory/ntap-20181018-0002/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/104222	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041888	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041896	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2413	Patch Third Party Advisory
https://pivotal.io/security/cve-2018-1258	Vendor Advisory
https://security.netapp.com/advisory/ntap-20181018-0002/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal_software:spring_security::::::::
	cpe:2.3:a:vmware:spring_framework:5.0.5:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:agile_plm:9.3.3:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.4:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:application_testing_suite:10.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6.0:::::::*
	cpe:2.3:a:oracle:communications_converged_application_server::::::::
	cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::
	cpe:2.3:a:oracle:communications_network_integrity::::::::
	cpe:2.3:a:oracle:communications_performance_intelligence_center::::::::
	cpe:2.3:a:oracle:communications_services_gatekeeper::::::::
	cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:::::::*
	cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
	cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:::::::*
	cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:::::::*
	cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:::::::*
	cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:::::::*
	cpe:2.3:a:oracle:health_sciences_information_manager:3.0:::::::*
	cpe:2.3:a:oracle:healthcare_master_person_index:3.0:::::::*
	cpe:2.3:a:oracle:healthcare_master_person_index:4.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:::::::*
	cpe:2.3:a:oracle:insurance_calculation_engine:10.2:::::::*
	cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:10.0:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:10.1:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:10.2:::::::*
	cpe:2.3:a:oracle:insurance_policy_administration:11.0:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:10.0:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:10.1:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:10.2:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:11.0:::::::*
	cpe:2.3:a:oracle:insurance_rules_palette:11.1:::::::*
	cpe:2.3:a:oracle:micros_lucas:2.9.5:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:::::::*
	cpe:2.3:a:oracle:retail_assortment_planning:14.1:::::::*
	cpe:2.3:a:oracle:retail_assortment_planning:15.0:::::::*
	cpe:2.3:a:oracle:retail_assortment_planning:16.0:::::::*
	cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
	cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
	cpe:2.3:a:oracle:retail_central_office:14.0:::::::*
	cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
	cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*
	cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:13.2:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:14.0:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:14.1:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:15.0:::::::*
	cpe:2.3:a:oracle:retail_financial_integration:16.0:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:14.1.2:::::::*
	cpe:2.3:a:oracle:retail_point-of-service:14.0:::::::*
	cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
	cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
	cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:::::::*
cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.4:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.2:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::vsphere::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:a:netapp:storage_automation_store:-:::::::*

Configuration 4 (hide)

cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:59

11 Apr 2022, 17:18

Type	Values Removed	Values Added
CPE	cpe:2.3:a:pivotal_software:spring_framework:5.0.5:::::::*	cpe:2.3:a:vmware:spring_framework:5.0.5:::::::*

16 Dec 2021, 18:21

Type	Values Removed	Values Added
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2019:2413 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2019:2413 - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html -~~	(MISC) https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory
References	~~(N/A) https://www.oracle.com/security-alerts/cpuapr2020.html -~~	(N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Patch, Third Party Advisory
CPE		cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:::::::* cpe:2.3:a:oracle:communications_network_integrity:::::::: cpe:2.3:a:redhat:fuse:7.3.0:::::::*

20 Oct 2021, 11:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

Information

Published : 2018-05-11 20:29

Updated : 2024-11-21 03:59

NVD link : CVE-2018-1258

Mitre link : CVE-2018-1258

CVE.ORG link : CVE-2018-1258

JSON object : View

Products Affected

oracle

communications_diameter_signaling_router
peoplesoft_enterprise_fin_install
retail_financial_integration
mysql_enterprise_monitor
application_testing_suite
healthcare_master_person_index
communications_services_gatekeeper
retail_point-of-service
insurance_rules_palette
retail_assortment_planning
hospitality_guest_access
agile_plm
retail_xstore_point_of_service
retail_back_office
retail_central_office
micros_lucas
enterprise_manager_for_mysql_database
weblogic_server
service_architecture_leveraging_tuxedo
communications_network_integrity
communications_performance_intelligence_center
retail_integration_bus
big_data_discovery
insurance_calculation_engine
endeca_information_discovery_integrator
tape_library_acsls
insurance_policy_administration
retail_returns_management
retail_customer_insights
enterprise_manager_ops_center
goldengate_for_big_data
communications_converged_application_server
enterprise_repository
health_sciences_information_manager

netapp

oncommand_unified_manager
oncommand_workflow_automation
oncommand_insight
snapcenter
storage_automation_store

vmware

spring_framework

redhat

fuse

pivotal_software

spring_security

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2018-1258", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-11T20:29:00.260", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/104222", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1041888", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1041896", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2413", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2018-1258", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://security.netapp.com/advisory/ntap-20181018-0002/", "tags": ["Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/104222", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1041888", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1041896", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2413", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pivotal.io/security/cve-2018-1258", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20181018-0002/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."}, {"lang": "es", "value": "La versi\u00f3n 5.0.5 de Spring Framework, cuando se utiliza en combinaci\u00f3n con cualquier versi\u00f3n de Spring Security, contiene un omisi\u00f3n de autorizaci\u00f3n cuando se utiliza la seguridad del m\u00e9todo. Un usuario malicioso no autorizado puede obtener acceso no autorizado a m\u00e9todos que deben ser restringidos."}], "lastModified": "2024-11-21T03:59:28.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82F4C00B-9F3D-46D2-B10A-204BD055BA5F"}, {"criteria": "cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1733D2EB-D792-4566-92BF-DD9EA301B2A2"}], "operator": "AND"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54634303-BC07-41EF-8C4A-D64D9A32A40E"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"}, {"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3"}, {"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4", "versionEndExcluding": "7.0.0.1"}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8", "versionEndExcluding": "8.3"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2", "versionEndIncluding": "7.3.6", "versionStartIncluding": "7.3.2"}, {"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5", "versionEndExcluding": "10.2.1"}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB", "versionEndExcluding": "6.1.0.4.0"}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2"}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C25F23-6800-48A2-881C-C2A2C3FA045C"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D"}, {"criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999"}, {"criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD"}, {"criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418"}, {"criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5"}, {"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6"}, {"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3"}, {"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479"}, {"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED4F724-C92F-4B4F-B631-81A4EA706DB2"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "900450EB-A71D-4A8E-B8C4-AFD36F9A36B0"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68017B52-6597-4E32-A38F-634B5635568C"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19D11A6-BA1D-4121-8686-C177C450777F"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861"}, {"criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D863326-7106-4A08-9072-C72029584403", "versionEndIncluding": "8.0.2.8191"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B21E71BD-DD38-4634-BF9F-092D55000DE6"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "921B7906-A20A-4313-9398-D542A4198BBF"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7"}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773"}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D"}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716"}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00"}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F"}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACB5604C-69AF-459D-A82D-8A3B78CF2655"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "655CF3AE-B649-4282-B727-8B3C5D829C40"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53CFE454-3E73-4A88-ABEE-322139B169A8"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47"}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D"}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E"}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8"}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"}, {"criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809"}, {"criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5"}, {"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ABB9BAD-9BBD-4B2D-A0ED-7898812B9446"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F745235C-55A9-4353-A4CB-4B7834BDD63F"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAE3D682-1434-4789-8B43-679AE86533FE"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84", "versionStartIncluding": "7.3"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "vulnerable": true, "matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C", "versionStartIncluding": "9.4"}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "407B62F8-F1D8-403D-B342-9EF06D6F128B"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}

8.8 /10