Vulnerability Name: CVE-2018-10237 (CCN-142508) Assigned: 2018-04-26 Published: 2018-04-26 Updated: 2022-06-29 Summary: Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H )5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H )5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-770 Vulnerability Consequences: Denial of Service References: Source: MITRE Type: CNACVE-2018-10237 Source: CCN Type: IBM Security Bulletin 870980 (InfoSphere Data Replication)InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 871890 (Spectrum Control Standard Edition)Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 876202 (Watson Compare and Comply)Vulnerability in IBM WebSphere Application Server Liberty affects IBM Watson Compare and Comply on IBM Cloud Private Source: CCN Type: IBM Security Bulletin 879347 (Security AppScan Enterprise)Potential denial of service in WebSphere Application Server (CVE-2018-10237) affects IBM Security AppScan Enterprise Source: CCN Type: IBM Security Bulletin 880537 (Algo Credit Manager)IBM Algo Credit Manager Is Affected by a Denial of Service Vulnerability in WebSphere Liberty Source: CCN Type: IBM Security Bulletin 881456 (Control Center)Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2018-3169, CVE-2014-7810, CVE-2018-1767) Source: SECTRACK Type: Broken Link1041707 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2423 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2424 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2425 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2428 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2598 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2643 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2740 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2741 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2742 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2743 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:2927 Source: REDHAT Type: Third Party AdvisoryRHSA-2019:2858 Source: REDHAT Type: Third Party AdvisoryRHSA-2019:3149 Source: XF Type: UNKNOWNgoogle-cve201810237-dos(142508) Source: CCN Type: guava GIT RepositoryGoogle Guava Source: CONFIRM Type: Vendor Advisoryhttps://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion Source: CCN Type: Google Groups Web siteDenial of Service vulnerability for servers that use Guava and deserialize attacker data Source: MLIST Type: Mailing List, Third Party Advisory[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar Source: MLIST Type: Mailing List, Third Party Advisory[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project Source: MLIST Type: Mailing List, Third Party Advisory[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 Source: MLIST Type: Mailing List, Third Party Advisory[activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 Source: MLIST Type: Mailing List, Third Party Advisory[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 Source: MLIST Type: Mailing List, Third Party Advisory[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities Source: MLIST Type: Mailing List, Third Party Advisory[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities Source: MLIST Type: Mailing List, Third Party Advisory[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project Source: MLIST Type: Mailing List, Third Party Advisory[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities Source: MLIST Type: Mailing List, Third Party Advisory[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 Source: MLIST Type: Mailing List, Third Party Advisory[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version Source: MLIST Type: Mailing List, Third Party Advisory[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version Source: MLIST Type: Mailing List, Third Party Advisory[lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava Source: MLIST Type: Mailing List, Third Party Advisory[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency Source: MLIST Type: Mailing List, Third Party Advisory[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 Source: MLIST Type: Mailing List, Third Party Advisory[cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 Source: MLIST Type: Mailing List, Third Party Advisory[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability Source: MLIST Type: Mailing List, Third Party Advisory[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes Source: MLIST Type: Mailing List, Third Party Advisory[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 Source: MLIST Type: Mailing List, Third Party Advisory[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities Source: MLIST Type: Mailing List, Third Party Advisory[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? Source: MLIST Type: Mailing List, Third Party Advisory[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency Source: MLIST Type: Mailing List, Third Party Advisory[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core Source: MLIST Type: Mailing List, Third Party Advisory[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 Source: MLIST Type: Mailing List, Third Party Advisory[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka Source: MLIST Type: Mailing List, Third Party Advisory[lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava Source: MLIST Type: Mailing List, Third Party Advisory[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency Source: MLIST Type: Mailing List, Third Party Advisory[lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava Source: MLIST Type: Mailing List, Third Party Advisory[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 Source: MLIST Type: Mailing List, Third Party Advisory[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 Source: MLIST Type: Mailing List, Third Party Advisory[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version Source: MLIST Type: Mailing List, Third Party Advisory[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 Source: MLIST Type: Mailing List, Third Party Advisory[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency Source: CONFIRM Type: UNKNOWNhttps://security.netapp.com/advisory/ntap-20220629-0008/ Source: CCN Type: IBM Security Bulletin 793597 (WebSphere Application Server in Cloud)Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud Source: CCN Type: IBM Security Bulletin 795696 (WebSphere Application Server)Potential denial of service in WebSphere Application Server (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 871774 (Liberty for Java for Bluemix)Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 878268 (Spectrum Scale)A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 879923 (Endpoint Manager for Lifecycle Management)Server Automation is affected by the following vulnerability exposures (CVE-2014-7810, CVE-2018-1767, CVE-2018-1901, CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 880291 (Watson OpenScale)Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js) Source: CCN Type: IBM Security Bulletin 880351 (Elastic Storage Server)A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 880687 (BigFix Remote Control)Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime and Liberty affect IBM BigFix Remote Control Source: CCN Type: IBM Security Bulletin 882556 (Rational License Key Server)Security Vulnerability in IBM WebSphere Application Server Liberty affects IBM Rational License Key Server Administration & Reporting Tool and Agent Source: CCN Type: IBM Security Bulletin 883458 (Cloud App Management)A vulnerability in Google Guava could affect IBM Cloud App Management V2018 Source: CCN Type: IBM Security Bulletin 886175 (Cram Social Program Management)Vulnerability in Google Guava affects IBM Cram Social Program Management (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 888617 (Sterling B2B Integrator)IBM WebSphere Application Server Security Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4046, CVE-2018-1902, CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 1118463 (Cloud Pak System)Vulnerability in Google Guava affects IBM Cloud Pak System (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 3106029 (StoredIQ)Multiple Vulnerabilities identified in IBM StoredIQ Source: CCN Type: IBM Security Bulletin 6198380 (DB2 for Linux- UNIX and Windows)Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation. Source: CCN Type: IBM Security Bulletin 6210366 (Monitoring)Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product Source: CCN Type: IBM Security Bulletin 6320051 (Security Guardium Insights)IBM Security Guardium Insights is affected by a components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6320835 (Security Guardium Data Encryption)Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) Source: CCN Type: IBM Security Bulletin 6403331 (Security Guardium Data Encryption)Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) Source: CCN Type: IBM Security Bulletin 6404298 (WebSphere Service Registry and Repository)Vulnerability in Google Guava affects WebSphere Service Registry and Repository (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 6416391 (Spectrum Symphony)Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1 Source: CCN Type: IBM Security Bulletin 6416393 (Spectrum Conductor)Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0 Source: CCN Type: IBM Security Bulletin 6444041 (SmartCloud Analytics)A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 6444895 (Db2 Warehouse)IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2 Source: CCN Type: IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products. Source: CCN Type: IBM Security Bulletin 6524700 (Planning Analytics Workspace)IBM Planning Analytics Workspace is affected by security vulnerabilities Source: CCN Type: IBM Security Bulletin 6570915 (Data Risk Manager)IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965) Source: CCN Type: IBM Security Bulletin 6572765 (Security Guardium)IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908) Source: CCN Type: IBM Security Bulletin 6575477 (Watson Speech Services Cartridge for Cloud Pak for Data)A Google Guava vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6605881 (PureData System for Operational Analytics)Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics Source: CCN Type: IBM Security Bulletin 6606205 (Tivoli Netcool Manager)There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager. Source: CCN Type: IBM Security Bulletin 6854713 (Voice Gateway)Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway Source: CCN Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation)Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform Source: CCN Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus Source: CCN Type: IBM Security Bulletin 6980395 (Sterling Order Management)IBM Sterling Order Management Google Guave vulnerablity Source: CCN Type: IBM Security Bulletin 6984715 (Application Performance Management)Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent Source: CCN Type: IBM Security Bulletin 6984959 (Security Verify Governance)IBM Security Verify Governance is vulnerable to denial of service and security bypass (CVE-2018-10237, CVE-2020-8908) Source: CCN Type: IBM Security Bulletin 6987499 (Business Automation Workflow traditional)Multiple vulnerabilities in DITA may affect IBM Business Automation Workflow and IBM Case Manager Source: CCN Type: IBM Security Bulletin 6988655 (InfoSphere Information Server)IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Google Guava (CVE-2018-10237, CVE-2020-8908) Source: CCN Type: IBM Security Bulletin 7005947 (Storage Protect)IBM Storage Protect Server is vulnerable to attacks due to Google guava (CVE-2020-8908, CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 7007839 (OpenPages with Watson)IBM OpenPages with Watson is Vulnerable to Guava Denial of Service Error (CVE-2018-10237) Source: CCN Type: IBM Security Bulletin 879981 (InfoSphere Streams)Vulnerabilities in Google Guava 11.0 through 24.x before 24.1.1 Source: CCN Type: IBM Security Bulletin 879981 (Streams)Vulnerabilities in Google Guava 11.0 through 24.x before 24.1.1 Source: CCN Type: Oracle CPUApr2020Oracle Critical Patch Update Advisory - April 2020 Source: N/A Type: Patch, Third Party AdvisoryN/A Source: CCN Type: Oracle CPUJan2021Oracle Critical Patch Update Advisory - January 2021 Source: MISC Type: Patch, Third Party Advisoryhttps://www.oracle.com/security-alerts/cpujan2021.html Source: CCN Type: Oracle CPUJul2020Oracle Critical Patch Update Advisory - July 2020 Source: MISC Type: Patch, Third Party Advisoryhttps://www.oracle.com/security-alerts/cpujul2020.html Source: CCN Type: Oracle CPUOct2021Oracle Critical Patch Update Advisory - October 2021 Source: MISC Type: Patch, Third Party Advisoryhttps://www.oracle.com/security-alerts/cpuoct2021.html Source: CCN Type: WhiteSource Vulnerability DatabaseCVE-2018-10237 Vulnerable Configuration: Configuration 1 :cpe:/a:google:guava:*:*:*:*:*:*:*:* (Version >= 11.0 and < 24.1.1)Configuration 2 :cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* OR cpe:/a:redhat:virtualization:4.2:*:*:*:*:*:*:* OR cpe:/a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:* OR cpe:/a:redhat:satellite:6.4:*:*:*:*:*:*:* OR cpe:/a:redhat:openstack:13:*:*:*:*:*:*:* OR cpe:/a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:* Configuration 3 :cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:* OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:* OR cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* OR cpe:/a:redhat:virtualization:4.0:*:*:*:*:*:*:* OR cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* Configuration 4 :cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* Configuration 5 :cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:* OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* Configuration 6 :cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_payments:*:*:*:*:*:*:*:* (Version >= 14.1.0 and <= 14.4.0) OR cpe:/a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:18c:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:google:guava:11.0:-:*:*:*:*:*:* OR cpe:/a:google:guava:24.1:*:*:*:*:*:*:* AND cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:-:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:algo_credit_manager:5.4:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:endpoint_manager:*:*:*:*:lifecycle_management:*:*:* OR cpe:/a:ibm:bigfix_remote_control:9.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:control_center:6.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:control_center:6.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:* OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:traditional:*:*:* OR cpe:/a:ibm:infosphere_data_replication:11.4:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_compare_&_comply:1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:3.2.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:4.0.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_compare_&_comply:1.1.3:*:cloud_private:*:data:*:*:* OR cpe:/a:ibm:security_appscan:9.0.3.12:*:*:*:enterprise:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.2.5:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.3.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:smartcloud_analytics:1.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:smartcloud_analytics:1.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:smartcloud_analytics:1.3.3:*:*:*:*:*:*:* OR cpe:/a:ibm:smartcloud_analytics:1.3.4:*:*:*:*:*:*:* OR cpe:/a:ibm:smartcloud_analytics:1.3.5:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.6:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_openscale:1.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:7.0.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:7.0.5.0:*:*:*:*:*:*:* OR cpe:/a:ibm:curam_social_program_management:7.0.6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:streams:4.1.1.8:*:*:*:*:*:*:* OR cpe:/a:ibm:streams:4.2.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:streams:4.3.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:* OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:case_manager:5.3.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:* Denotes that component is vulnerable BACK
google guava *
redhat virtualization host 4.0
redhat virtualization 4.2
redhat openshift container platform 3.11
redhat satellite 6.4
redhat openstack 13
redhat satellite capsule 6.4
redhat jboss enterprise application platform 6.0.0
redhat jboss enterprise application platform 7.1.0
redhat jboss enterprise application platform 6.4.0
redhat virtualization host 4.0
redhat virtualization 4.0
redhat openshift container platform 4.1
redhat enterprise linux 7.0
redhat jboss enterprise application platform 6.0.0
redhat jboss enterprise application platform 6.4.0
redhat enterprise linux 5.0
redhat jboss enterprise application platform 6.0.0
redhat jboss enterprise application platform 7.1.0
redhat jboss enterprise application platform 6.4.0
redhat enterprise linux 6.0
oracle flexcube investor servicing 12.3.0
oracle flexcube investor servicing 12.1.0
oracle retail xstore point of service 15.0
oracle flexcube private banking 12.1.0
oracle retail xstore point of service 7.1
oracle flexcube private banking 12.0.0
oracle retail integration bus 15.0
oracle weblogic server 12.2.1.3.0
oracle database server 12.2.0.1
oracle banking payments *
oracle communications ip service activator 7.3.0
oracle communications ip service activator 7.4.0
oracle customer management and segmentation foundation 18.0
oracle database server 18c
oracle database server 19c
oracle flexcube investor servicing 12.4.0
oracle flexcube investor servicing 14.0.0
oracle flexcube investor servicing 14.1.0
oracle retail integration bus 16.0
oracle retail xstore point of service 16.0
oracle retail xstore point of service 17.0
google guava 11.0
google guava 24.1
ibm websphere application server 8.5.5
ibm sterling b2b integrator -
ibm websphere service registry and repository 8.5
oracle weblogic server 12.1.3.0.0
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm rational rhapsody design manager 6.0.2
ibm rational license key server 8.1.5
ibm spectrum scale 4.2.3
ibm algo credit manager 5.4
oracle weblogic server 12.2.1.3.0
oracle retail xstore point of service 15.0
oracle retail xstore point of service 16.0
oracle retail xstore point of service 7.1
ibm rational license key server 8.1.5.1
ibm rational license key server 8.1.5.2
ibm monitoring 8.1.4
ibm endpoint manager *
ibm bigfix remote control 9.1.4
ibm infosphere information server 11.7
ibm spectrum scale 5.0.0
ibm spectrum protect plus 10.1.0
ibm rational license key server 8.1.5.3
oracle retail integration bus 15.0
oracle retail integration bus 16.0
ibm websphere application server in cloud 8.5
ibm websphere application server in cloud 9.0
ibm websphere application server
ibm websphere application server in cloud *
ibm elastic storage server 4.0.0
ibm elastic storage server 4.0.6
ibm elastic storage server 4.5.0
ibm elastic storage server 4.6.0
ibm elastic storage server 5.0.0
ibm elastic storage server 5.3
ibm storediq 7.6.0
ibm control center 6.0.0.0
ibm control center 6.1.0.0
ibm rational license key server 8.1.5.4
ibm rational license key server 8.1.5.5
ibm websphere application server 8.5
ibm websphere application server 9.0
ibm infosphere data replication 11.4
ibm sterling b2b integrator 6.0.0.0
ibm watson compare & comply 1.0.4
ibm infosphere streams 3.2.1.6
ibm infosphere streams 4.0.1.6
ibm watson compare & comply 1.1.3
ibm security appscan 9.0.3.12
ibm elastic storage server 5.2.5
ibm elastic storage server 5.3.2.1
ibm smartcloud analytics 1.3.1
ibm smartcloud analytics 1.3.2
ibm smartcloud analytics 1.3.3
ibm smartcloud analytics 1.3.4
ibm smartcloud analytics 1.3.5
ibm rational license key server 8.1.5.6
ibm watson openscale 1.0.1
ibm curam social program management 7.0.0.0
ibm curam social program management 7.0.4.0
ibm curam social program management 7.0.5.0
ibm curam social program management 7.0.6.0
oracle retail xstore point of service 17.0
ibm sterling b2b integrator 6.0.1.0
ibm application performance management 8.1.4
ibm streams 4.1.1.8
ibm streams 4.2.1.6
ibm streams 4.3.0.2
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm cloud pak system 2.3
ibm cloud pak system 2.3.0.1
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm mobilefirst platform foundation 8.0.0.0
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm security guardium 11.1
ibm voice gateway 1.0.5
ibm db2 11.5
ibm db2 11.5
ibm db2 11.5
ibm security guardium insights 2.0.1
ibm security guardium data encryption 3.0.0.2
ibm security guardium 11.2
ibm voice gateway 1.0.7
ibm security guardium 11.3
ibm security guardium 11.4
ibm planning analytics workspace 2.0
ibm business automation workflow 20.0.0.1
ibm business automation workflow 20.0.0.2
ibm business automation workflow 21.0.1
ibm case manager 5.3.3
ibm security verify governance 10.0
ibm business automation workflow 22.0.1
ibm business automation workflow 21.0.3.1
ibm business automation workflow 22.0.2