Vulnerability Name: CVE-2016-1181 (CCN-113852) Assigned: 2015-12-26 Published: 2016-06-07 Updated: 2020-07-15 Summary: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899 . CVSS v3 Severity: 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Access References: Source: MITRECVE-2016-1181 Apache Struts 1 vulnerability that allows unintended remote operations against components on memory JVN#03188560 JVNDB-2016-000096 Struts Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance. Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182) IBM Flex System Manager (FSM) is affected by multiple Struts vulnerabilities (CVE-2016-1181, CVE-2016-1182) Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182) Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182) IBM Financial Transaction Manager for Corporate Payment Services open source Apache Struts Vulnerabilities (CVE-2016-1181 CVE-2016-1182) IBM Notes is affected with Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182) Vulnerabilities in Apache Struts and Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1181, CVE-2016-1182, CVE-2016-3092) Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182 Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix Vulnerabilities in Apache Struts affect IBM WebSphere Portal (CVE-2015-0899, CVE-2016-1181, CVE-2016-1182) Multiple Vulnerabilities in Struts v2 affect IBM InfoSphere Information Server Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060) Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182) Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server Security vulnerabilities in Apache Struts might affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-1181, CVE-2016-1182, CVE-2015-0899) Multiple vulnerabilities in Apache Struts affect IBM BigFix Remote Control (CVE-2016-1181, CVE-2016-1182) Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 ) Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement Vulnerability in Apache Struts affects IBM Cram Social Program Management (CVE-2016-1182, CVE-2016-1181, CVE-2015-0899) Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway Vulnerabilities in Apache Struts Affect IBM Emptoris Contract Management and IBM Emptoris Spend (CVE-2016-1181,CVE-2016-1182) Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI Oracle Critical Patch Update Advisory - April 2017 Oracle Critical Patch Update Advisory - April 2019 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Oracle Critical Patch Update Advisory - January 2019 Oracle Critical Patch Update Advisory - July 2016 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Oracle Critical Patch Update Advisory - July 2017 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Oracle Critical Patch Update Advisory - July 2018 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Oracle Critical Patch Update Advisory - July 2019 Oracle Critical Patch Update Advisory - October 2016 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Oracle Critical Patch Update Advisory - October 2017 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html 91068 Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability 91787 Oracle July 2016 Critical Patch Update Multiple Vulnerabilities 1036056 https://bugzilla.redhat.com/show_bug.cgi?id=1343538 apache-struts-cve20161181-code-exec(113852) https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8 https://security-tracker.debian.org/tracker/CVE-2016-1181 https://security.netapp.com/advisory/ntap-20180629-0006/ Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182) Multiple Vulnerabilities in Struts v2 affect IBM Content Collector for Email OpenSource Apache Struts vulnerability in Content Collector for IBM Connections OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint OpenSource Apache Struts vulnerabilities in IBM Content Collector for File Systems Vulnerabilities in Struts v2 affect IBM Enterprise Records Multiple CVEs affect IBM Integration Designer Oracle Critical Patch Update Advisory - January 2020 https://www.oracle.com/security-alerts/cpujan2020.html Oracle Critical Patch Update Advisory - July 2020 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:banking_platform:2.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:portal:11.1.1.6:*:*:*:*:*:*:* Configuration 2 :cpe:/a:apache:struts:1.0:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0:beta1:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0:beta2:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0:beta3:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:b1:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:b2:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:b3:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:rc1:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:rc2:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.0:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.4:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.8:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.9:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.8:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.9:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.10:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:apache:struts:1.2.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.8:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.9:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.10:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.0.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.4:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.2.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:1.3.8:*:*:*:*:*:*:* AND cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:* OR cpe:/a:ibm:filenet_content_manager:5.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:license_metric_tool:7.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:* OR cpe:/a:ibm:business_process_manager:7.5:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:7.5.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.0:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.0.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.5:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:* OR cpe:/a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:2.1.1.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.5:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:2.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.3.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.3.4:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.3.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5.5.0:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10:*:*:*:*:*:*:* OR cpe:/h:ibm:flex_system_manager_node:*:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:systems_director:-:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:*:*:* OR cpe:/a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:* OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:lotus_notes:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:* OR cpe:/a:ibm:lotus_notes:8.5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:lotus_notes:9.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:2.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.6:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:6.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:2.1.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:transportation_management:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:lotus_notes:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:ach_services:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:ach_services:*:* OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:* OR cpe:/a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.2.10:*:standard:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:6.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:emptoris:strategic_supply_management:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:7.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:hospitality_reporting_and_analytics:9.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:identity_manager:11.1.2.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:* OR cpe:/a:oracle:transportation_management:6.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:* OR cpe:/a:oracle:retail_order_management_system_cloud_service:5.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:* OR cpe:/a:oracle:communications_converged_application_server:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_privileged_identity_manager:2.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_policy_management:12.3:*:*:*:*:*:*:* OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:* Oval Definitions BACK
oracle banking platform 2.3.0
oracle banking platform 2.4.0
oracle banking platform 2.4.1
oracle banking platform 2.5.0
oracle portal 11.1.1.6
apache struts 1.0
apache struts 1.0 beta1
apache struts 1.0 beta2
apache struts 1.0 beta3
apache struts 1.0.1
apache struts 1.0.2
apache struts 1.1
apache struts 1.1 b1
apache struts 1.1 b2
apache struts 1.1 b3
apache struts 1.1 rc1
apache struts 1.1 rc2
apache struts 1.2.0
apache struts 1.2.1
apache struts 1.2.2
apache struts 1.2.3
apache struts 1.2.4
apache struts 1.2.5
apache struts 1.2.6
apache struts 1.2.7
apache struts 1.2.8
apache struts 1.2.9
apache struts 1.3.5
apache struts 1.3.6
apache struts 1.3.7
apache struts 1.3.8
apache struts 1.3.9
apache struts 1.3.10
apache struts 1.2.7
apache struts 1.2.8
apache struts 1.2.9
apache struts 1.3.10
apache struts 1.0
apache struts 1.0.2
apache struts 1.1
apache struts 1.2.2
apache struts 1.2.4
apache struts 1.2.6
apache struts 1.3.5
apache struts 1.3.8
ibm websphere application server 7.0
ibm websphere portal 7.0
ibm infosphere information server 8.5
ibm websphere application server 8.0
ibm websphere portal 8.0
ibm websphere application server 8.5
ibm infosphere information server 8.7
ibm infosphere information server 9.1
ibm sterling b2b integrator 5.2
ibm content collector 3.0
ibm websphere application server 8.5.5
ibm filenet content manager 5.2.0
ibm license metric tool 7.2.2
ibm license metric tool 7.5
ibm websphere service registry and repository 8.0
ibm websphere service registry and repository 8.0.0.1
ibm websphere service registry and repository 8.0.0.2
ibm sterling file gateway 2.2
ibm sterling b2b integrator 5.2.4
ibm content collector 4.0
ibm websphere portal 8.5
ibm websphere portal 6.1
ibm infosphere information server 11.3
ibm sterling b2b integrator 5.2.1
ibm sterling b2b integrator 5.2.2
ibm sterling b2b integrator 5.2.3
ibm emptoris contract management *
ibm business process manager 7.5
ibm business process manager 7.5.0.1
ibm business process manager 7.5.1
ibm business process manager 7.5.1.1
ibm business process manager 7.5.1.2
ibm business process manager 8.0
ibm business process manager 8.0.1
ibm business process manager 8.0.1.1
ibm business process manager 8.0.1.2
ibm business process manager 8.5
ibm business process manager 8.5.0.1
ibm business process manager 8.5.5
ibm business process manager 8.0.1.3
ibm websphere service registry and repository 8.5
ibm financial transaction manager 2.1.1.2
ibm sterling b2b integrator 5.2.5
ibm curam social program management 6.0.5
ibm business process manager 8.5.6
ibm financial transaction manager 3.0.0.0
ibm financial transaction manager 3.0.0.1
ibm financial transaction manager 3.0.0.2
ibm financial transaction manager 2.1.1.0
ibm tivoli monitoring 6.2.2
ibm tivoli monitoring 6.2.3
ibm tivoli monitoring 6.3.0
ibm tivoli monitoring 6.2.3.1
ibm tivoli monitoring 6.2.3.2
ibm tivoli monitoring 6.2.3.3
ibm tivoli monitoring 6.2.3.4
ibm tivoli monitoring 6.2.3.5
ibm tivoli monitoring 6.3
ibm tivoli monitoring 6.3.0.1
ibm tivoli monitoring 6.3.0.2
ibm tivoli monitoring 6.3.0.3
ibm tivoli monitoring 6.3.0.4
ibm websphere service registry and repository 8.5.0.1
ibm financial transaction manager 3.0.0.3
ibm financial transaction manager 3.0.0.4
ibm content collector 4.0.1
ibm websphere service registry and repository 8.5.5.0
ibm financial transaction manager 3.0.0.5
ibm financial transaction manager 3.0.0.6
ibm financial transaction manager 3.0.0.7
ibm infosphere information server 11.5
ibm security guardium 10
ibm flex system manager node *
oracle weblogic server 10.3.6.0.0
oracle weblogic server 12.1.3.0.0
ibm systems director -
ibm financial transaction manager 3.0.0.8
ibm financial transaction manager 3.0.0.9
ibm business process manager 8.5.0.2
ibm security privileged identity manager 2.0.2
ibm financial transaction manager 3.0.0.10
oracle weblogic server 12.2.1.0.0
oracle application testing suite 12.5.0.2
ibm lotus notes 8.5
ibm lotus notes 8.5.1
ibm lotus notes 8.5.2
ibm lotus notes 8.5.3
ibm lotus notes 9.0.1
ibm financial transaction manager 3.0.0.11
ibm financial transaction manager 2.1.1.1
ibm sterling b2b integrator 5.2.6
ibm curam social program management 6.1.1
ibm financial transaction manager 3.0.0.12
ibm financial transaction manager 2.1.1.3
oracle transportation management 6.2
ibm lotus notes 9.0
ibm financial transaction manager 3.0.0.13
ibm financial transaction manager 3.0.0.14
ibm business process manager 8.5.7
ibm websphere application server 9.0.0.0
ibm emptoris strategic_supply_management 10.0.0.0
ibm spectrum control 5.2.10
ibm websphere service registry and repository 8.0.0.3
ibm websphere service registry and repository 8.5.6.0
ibm tivoli monitoring 6.3.0.5
ibm tivoli monitoring 6.3.0.6
ibm tivoli monitoring 6.2.2.2
ibm tivoli monitoring 6.2.2.3
ibm tivoli monitoring 6.2.2.4
ibm tivoli monitoring 6.2.2.5
ibm tivoli monitoring 6.2.2.6
ibm tivoli monitoring 6.2.2.7
ibm tivoli monitoring 6.2.2.8
ibm tivoli monitoring 6.2.2.9
oracle weblogic server 12.2.1.1.0
ibm websphere application server 9.0
oracle application testing suite 12.5.0.3
ibm content collector 4.0.1.3
ibm content collector 4.0.1.4
ibm curam social program management 6.2.0
ibm emptoris strategic_supply_management
ibm curam social program management 7.0.1
oracle weblogic server 12.2.1.2.0
oracle communications webrtc session controller 7.1
oracle hospitality reporting and analytics 9.0.0
oracle identity manager 11.1.2.3.0
oracle transportation management 6.3.7
oracle transportation management 6.4.1
oracle retail invoice matching 12.0
oracle retail invoice matching 13.0
oracle retail invoice matching 13.1
oracle retail invoice matching 13.2
oracle retail invoice matching 14.0
oracle retail invoice matching 14.1
ibm websphere application server in cloud *
oracle retail order management system cloud service 5.0
ibm security guardium 10.5
oracle retail clearance optimization engine 14.0.5
ibm websphere application server in cloud 8.5
ibm websphere application server in cloud 9.0
ibm websphere application server in cloud *
oracle communications converged application server 7.0
ibm security privileged identity manager 2.1.1
oracle communications policy management 12.3
ibm integration designer 20.0.0.2
Denotes that component is vulnerable