Vulnerability Name: CVE-2017-5638 (CCN-122776) Assigned: 2017-03-06 Published: 2017-03-06 Updated: 2021-02-24 Summary: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. CVSS v3 Severity: 10.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 9.3 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 9.3 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MISChttp://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/ CVE-2017-5638 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 A vulnerability in Apache Struts affects the IBM FlashSystem model V840 Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638) ulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638) Remote Code Execution (RCE) Vulnerability in Apache Struts affects IBM Connections Vulnerability in Apache Struts affects IBM Opportunity Detect (CVE-2017-5638) Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638) IBM Sterling Order Management is affected by a vulnerability (CVE-2017-5638) Apache Struts 2 is vulnerable to remote code execution Oracle Critical Patch Update Advisory - April 2017 Oracle Critical Patch Update Advisory - July 2017 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html 96729 Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability 1037973 https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/ Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser https://cwiki.apache.org/confluence/display/WW/S2-045 https://cwiki.apache.org/confluence/display/WW/S2-046 apache-struts-cve20175638-code-exec(122776) 41570 https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228 https://github.com/mazen160/struts-pwn https://github.com/rapid7/metasploit-framework/issues/8064 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us https://isc.sans.edu/diary/22169 [announce] 20210223 Re: Apache Software Foundation Security Report: 2020 [announce] 20200131 Apache Software Foundation Security Report: 2019 [announce] 20210125 Apache Software Foundation Security Report: 2020 https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html Struts2 S2-045 Remote Command Execution https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Apache Struts Jakarta Multipart Parser OGNL Injection https://security.netapp.com/advisory/ntap-20170310-0001/ https://struts.apache.org/docs/s2-045.html https://struts.apache.org/docs/s2-046.html https://support.lenovo.com/us/en/product_security/len-14200 Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products https://twitter.com/theog150/status/841146956135124993 KNOWN EXPLOITED VULNERABILITIES CATALOG Offensive Security Exploit Database [03-15-2017] 41614 https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/ VU#834067 https://www.symantec.com/security-center/network-protection-security-advisories/SA145 Vulnerable Configuration: Configuration 1 :cpe:/a:apache:struts:2.3.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.8:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.9:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.10:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.11:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.12:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.13:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.17:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.19:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.21:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.22:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.23:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.25:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.26:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.27:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.28:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.28.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.29:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.30:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.31:*:*:*:*:*:*:* Configuration 2 :cpe:/a:apache:struts:2.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.4:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.8:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.9:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.10:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:apache:struts:2.3.8:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.12:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.16.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.30:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.10:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.5:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.28.1:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.29:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.31:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.9:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.10:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.11:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.14.3:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.15:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.17:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.19:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.20.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.21:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.22:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.23:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.24.2:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.25:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.26:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.3.27:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.16:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.4:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.6:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.7:*:*:*:*:*:*:* OR cpe:/a:apache:struts:2.5.9:*:*:*:*:*:*:* AND cpe:/a:ibm:connections:4.5:*:*:*:*:*:*:* OR cpe:/a:cisco:identity_services_engine:-:*:*:*:*:*:*:* OR cpe:/a:ibm:connections:4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:connections:5.0:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_service_catalog:10.0:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_unified_software:1.5:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:connections:5.5:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:12.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_unified_software:1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_data_integration_hub:8.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_profitability_management:8.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_funds_transfer_pricing:8.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_asset_liability_management:8.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_reconciliation_framework:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_reconciliation_framework:8.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_reconciliation_framework:8.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:12.2.1.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:7.3.5:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:* Oval Definitions BACK
apache struts 2.3.5
apache struts 2.3.6
apache struts 2.3.7
apache struts 2.3.8
apache struts 2.3.9
apache struts 2.3.10
apache struts 2.3.11
apache struts 2.3.12
apache struts 2.3.13
apache struts 2.3.14
apache struts 2.3.14.1
apache struts 2.3.14.2
apache struts 2.3.14.3
apache struts 2.3.15
apache struts 2.3.15.1
apache struts 2.3.15.2
apache struts 2.3.15.3
apache struts 2.3.16
apache struts 2.3.16.1
apache struts 2.3.16.2
apache struts 2.3.16.3
apache struts 2.3.17
apache struts 2.3.19
apache struts 2.3.20
apache struts 2.3.20.1
apache struts 2.3.20.2
apache struts 2.3.20.3
apache struts 2.3.21
apache struts 2.3.22
apache struts 2.3.23
apache struts 2.3.24
apache struts 2.3.24.1
apache struts 2.3.24.2
apache struts 2.3.24.3
apache struts 2.3.25
apache struts 2.3.26
apache struts 2.3.27
apache struts 2.3.28
apache struts 2.3.28.1
apache struts 2.3.29
apache struts 2.3.30
apache struts 2.3.31
apache struts 2.5
apache struts 2.5.1
apache struts 2.5.2
apache struts 2.5.3
apache struts 2.5.4
apache struts 2.5.5
apache struts 2.5.6
apache struts 2.5.7
apache struts 2.5.8
apache struts 2.5.9
apache struts 2.5.10
apache struts 2.3.8
apache struts 2.3.7
apache struts 2.3.12
apache struts 2.3.14.2
apache struts 2.3.14.1
apache struts 2.3.15.1
apache struts 2.3.16
apache struts 2.3.15.2
apache struts 2.3.16.1
apache struts 2.3.16.2
apache struts 2.3.16.3
apache struts 2.3.20
apache struts 2.3.24
apache struts 2.3.24.1
apache struts 2.3.30
apache struts 2.3.5
apache struts 2.5
apache struts 2.5.10
apache struts 2.5.5
apache struts 2.5.1
apache struts 2.5.2
apache struts 2.3.20.1
apache struts 2.3.20.3
apache struts 2.3.24.3
apache struts 2.3.28.1
apache struts 2.3.29
apache struts 2.3.31
apache struts 2.3.6
apache struts 2.3.9
apache struts 2.3.10
apache struts 2.3.11
apache struts 2.3.14.3
apache struts 2.3.15
apache struts 2.3.17
apache struts 2.3.19
apache struts 2.3.20.2
apache struts 2.3.21
apache struts 2.3.22
apache struts 2.3.23
apache struts 2.3.24.2
apache struts 2.3.25
apache struts 2.3.26
apache struts 2.3.27
apache struts 2.5.16
apache struts 2.5.4
apache struts 2.5.6
apache struts 2.5.7
apache struts 2.5.9
ibm connections 4.5
cisco identity services engine -
ibm connections 4.0
ibm storwize v7000 software 6.1
ibm storwize v7000 software 6.2
ibm storwize v7000 software 6.3
ibm storwize v7000 software 6.4
ibm storwize v7000 software 7.1
ibm storwize v7000 software 7.2
ibm connections 5.0
cisco prime service catalog 10.0
ibm storwize v7000 software 7.3
ibm storwize v7000 software 7.4
ibm storwize v7000 unified software 1.5
ibm storwize v7000 software 7.5
oracle webcenter sites 11.1.1.8.0
oracle weblogic server 10.3.6.0.0
oracle weblogic server 12.1.3.0.0
ibm storwize v7000 software 7.6
oracle weblogic server 12.2.1.0.0
ibm connections 5.5
oracle webcenter sites 12.2.1
ibm storwize v7000 unified software 1.6
ibm storwize v7000 software 7.6.1
ibm storwize v7000 software 7.7
oracle weblogic server 12.2.1.1.0
ibm storwize v7000 software 7.7.1
ibm storwize v7000 software 7.8
ibm storwize v7000 software 7.8.1
oracle flexcube private banking 12.0.1
oracle financial services data integration hub 8.0.3
oracle weblogic server 12.2.1.2.0
oracle financial services profitability management 6.1.1
oracle financial services profitability management 8.0.4
oracle financial services funds transfer pricing 8.0.4
oracle financial services asset liability management 8.0.4
oracle financial services analytical applications reconciliation framework 8.0.0
oracle financial services analytical applications reconciliation framework 8.0.1
oracle financial services analytical applications reconciliation framework 8.0.2
oracle flexcube private banking 12.0.2
oracle flexcube private banking 12.0.3
oracle flexcube private banking 12.1
oracle financial services hedge management and ifrs valuations 8.0.4
oracle financial services loan loss forecasting and provisioning 8.0.2
oracle financial services loan loss forecasting and provisioning 8.0.4
oracle webcenter sites 12.2.1.2.0
oracle financial services analytical applications infrastructure 7.3.3
oracle financial services analytical applications infrastructure 7.3.5
oracle mysql enterprise monitor 3.1.6.8003
oracle mysql enterprise monitor 3.2.1182
oracle mysql enterprise monitor 3.3.2.1162
Denotes that component is vulnerable