CVE-2021-21341

{"id": "CVE-2021-21341", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-03-23T00:15:12.380", "references": [{"url": "http://x-stream.github.io/changes.html#1.4.16", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E", "source": "security-advisories@github.com"}, {"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E", "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/", "source": "security-advisories@github.com"}, {"url": "https://security.netapp.com/advisory/ntap-20210430-0002/", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.debian.org/security/2021/dsa-5004", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://x-stream.github.io/CVE-2021-21341.html", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://x-stream.github.io/security.html#workaround", "tags": ["Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16."}, {"lang": "es", "value": "XStream es una biblioteca de Java para serializar objetos a XML y viceversa. En XStream anterior a la versi\u00f3n 1.4.16, se presenta una vulnerabilidad que puede permitir a un atacante remoto asignar el 100% del tiempo de CPU en el sistema de destino seg\u00fan el tipo de CPU o la ejecuci\u00f3n paralela de dicha carga \u00fatil, resultando en una denegaci\u00f3n de servicio solo mediante la manipulaci\u00f3n del flujo de entrada procesado. Ning\u00fan usuario est\u00e1 afectado si sigui\u00f3 la recomendaci\u00f3n de configurar el framework de seguridad de XStream con una lista blanca limitada a los tipos m\u00ednimos requeridos. Si conf\u00eda en la lista negra predeterminada de XStream del Framework de Seguridad, tendr\u00e1 que usar al menos la versi\u00f3n 1.4.16"}], "lastModified": "2023-11-07T03:29:50.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A13328-A34B-4FB7-AF93-822E53165528", "versionEndExcluding": "1.4.16"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751"}, {"criteria": "cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC723E79-8F35-417B-B9D9-6A707F74C1EE"}, {"criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5700C2E9-5FF2-48EF-AD85-3C03EDA76536"}, {"criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA8461A2-428C-4817-92A9-0C671545698D"}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3784BE26-B268-40F3-9B10-88E50A4400AE"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}