Vulnerability CVE-2018-10237 - CERT Civis.Net

Vulnerability Name:

CVE-2018-10237 (CCN-142508)

Assigned:

2018-04-26

Published:

2018-04-26

Updated:

2022-06-29

Summary:

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-10237

Source: CCN
Type: IBM Security Bulletin 870980 (InfoSphere Data Replication)
InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 871890 (Spectrum Control Standard Edition)
Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 876202 (Watson Compare and Comply)
Vulnerability in IBM WebSphere Application Server Liberty affects IBM Watson Compare and Comply on IBM Cloud Private

Source: CCN
Type: IBM Security Bulletin 879347 (Security AppScan Enterprise)
Potential denial of service in WebSphere Application Server (CVE-2018-10237) affects IBM Security AppScan Enterprise

Source: CCN
Type: IBM Security Bulletin 880537 (Algo Credit Manager)
IBM Algo Credit Manager Is Affected by a Denial of Service Vulnerability in WebSphere Liberty

Source: CCN
Type: IBM Security Bulletin 881456 (Control Center)
Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2018-3169, CVE-2014-7810, CVE-2018-1767)

Source: SECTRACK
Type: Broken Link
1041707

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2423

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2424

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2425

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2428

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2598

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2643

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2740

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2741

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2742

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2743

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2927

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:2858

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3149

Source: XF
Type: UNKNOWN
google-cve201810237-dos(142508)

Source: CCN
Type: guava GIT Repository
Google Guava

Source: CONFIRM
Type: Vendor Advisory
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion

Source: CCN
Type: Google Groups Web site
Denial of Service vulnerability for servers that use Guava and deserialize attacker data

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar

Source: MLIST
Type: Mailing List, Third Party Advisory
[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project

Source: MLIST
Type: Mailing List, Third Party Advisory
[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability

Source: MLIST
Type: Mailing List, Third Party Advisory
[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: MLIST
Type: Mailing List, Third Party Advisory
[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10

Source: MLIST
Type: Mailing List, Third Party Advisory
[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20220629-0008/

Source: CCN
Type: IBM Security Bulletin 793597 (WebSphere Application Server in Cloud)
Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 795696 (WebSphere Application Server)
Potential denial of service in WebSphere Application Server (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 871774 (Liberty for Java for Bluemix)
Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 878268 (Spectrum Scale)
A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 879923 (Endpoint Manager for Lifecycle Management)
Server Automation is affected by the following vulnerability exposures (CVE-2014-7810, CVE-2018-1767, CVE-2018-1901, CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 880291 (Watson OpenScale)
Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)

Source: CCN
Type: IBM Security Bulletin 880351 (Elastic Storage Server)
A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 880687 (BigFix Remote Control)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime and Liberty affect IBM BigFix Remote Control

Source: CCN
Type: IBM Security Bulletin 882556 (Rational License Key Server)
Security Vulnerability in IBM WebSphere Application Server Liberty affects IBM Rational License Key Server Administration & Reporting Tool and Agent

Source: CCN
Type: IBM Security Bulletin 883458 (Cloud App Management)
A vulnerability in Google Guava could affect IBM Cloud App Management V2018

Source: CCN
Type: IBM Security Bulletin 886175 (Cram Social Program Management)
Vulnerability in Google Guava affects IBM Cram Social Program Management (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 888617 (Sterling B2B Integrator)
IBM WebSphere Application Server Security Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4046, CVE-2018-1902, CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 1118463 (Cloud Pak System)
Vulnerability in Google Guava affects IBM Cloud Pak System (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 3106029 (StoredIQ)
Multiple Vulnerabilities identified in IBM StoredIQ

Source: CCN
Type: IBM Security Bulletin 6198380 (DB2 for Linux- UNIX and Windows)
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation.

Source: CCN
Type: IBM Security Bulletin 6210366 (Monitoring)
Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Source: CCN
Type: IBM Security Bulletin 6320051 (Security Guardium Insights)
IBM Security Guardium Insights is affected by a components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6320835 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6403331 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6404298 (WebSphere Service Registry and Repository)
Vulnerability in Google Guava affects WebSphere Service Registry and Repository (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 6416391 (Spectrum Symphony)
Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1

Source: CCN
Type: IBM Security Bulletin 6416393 (Spectrum Conductor)
Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0

Source: CCN
Type: IBM Security Bulletin 6444041 (SmartCloud Analytics)
A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 6444895 (Db2 Warehouse)
IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2

Source: CCN
Type: IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)
Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6524700 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6572765 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)

Source: CCN
Type: IBM Security Bulletin 6575477 (Watson Speech Services Cartridge for Cloud Pak for Data)
A Google Guava vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6605881 (PureData System for Operational Analytics)
Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6606205 (Tivoli Netcool Manager)
There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.

Source: CCN
Type: IBM Security Bulletin 6854713 (Voice Gateway)
Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation)
Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6980395 (Sterling Order Management)
IBM Sterling Order Management Google Guave vulnerablity

Source: CCN
Type: IBM Security Bulletin 6984715 (Application Performance Management)
Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent

Source: CCN
Type: IBM Security Bulletin 6984959 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to denial of service and security bypass (CVE-2018-10237, CVE-2020-8908)

Source: CCN
Type: IBM Security Bulletin 6987499 (Business Automation Workflow traditional)
Multiple vulnerabilities in DITA may affect IBM Business Automation Workflow and IBM Case Manager

Source: CCN
Type: IBM Security Bulletin 6988655 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Google Guava (CVE-2018-10237, CVE-2020-8908)

Source: CCN
Type: IBM Security Bulletin 7005947 (Storage Protect)
IBM Storage Protect Server is vulnerable to attacks due to Google guava (CVE-2020-8908, CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 7007839 (OpenPages with Watson)
IBM OpenPages with Watson is Vulnerable to Guava Denial of Service Error (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 879981 (InfoSphere Streams)
Vulnerabilities in Google Guava 11.0 through 24.x before 24.1.1

Source: CCN
Type: IBM Security Bulletin 879981 (Streams)
Vulnerabilities in Google Guava 11.0 through 24.x before 24.1.1

Source: CCN
Type: Oracle CPUApr2020
Oracle Critical Patch Update Advisory - April 2020

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-10237

Vulnerable Configuration:

Configuration 1:

cpe:/a:google:guava:*:*:*:*:*:*:*:* (Version >= 11.0 and < 24.1.1)

Configuration 2:

cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:virtualization:4.2:*:*:*:*:*:*:*

OR cpe:/a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

OR cpe:/a:redhat:satellite:6.4:*:*:*:*:*:*:*

OR cpe:/a:redhat:openstack:13:*:*:*:*:*:*:*

OR cpe:/a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:virtualization:4.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_payments:*:*:*:*:*:*:*:* (Version >= 14.1.0 and <= 14.4.0)

OR cpe:/a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:18c:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:google:guava:11.0:-:*:*:*:*:*:*

OR cpe:/a:google:guava:24.1:*:*:*:*:*:*:*

AND

cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:-:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_credit_manager:5.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:endpoint_manager:*:*:*:*:lifecycle_management:*:*:*

OR cpe:/a:ibm:bigfix_remote_control:9.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*

OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:infosphere_data_replication:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_compare_&_comply:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:3.2.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.0.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_compare_&_comply:1.1.3:*:cloud_private:*:data:*:*:*

OR cpe:/a:ibm:security_appscan:9.0.3.12:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:elastic_storage_server:5.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:5.3.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_analytics:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.5.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_openscale:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:curam_social_program_management:7.0.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:curam_social_program_management:7.0.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:curam_social_program_management:7.0.6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:streams:4.1.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:streams:4.2.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:streams:4.3.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:case_manager:5.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*

Denotes that component is vulnerable