Vulnerability Name:

CVE-2018-10237 (CCN-142508)

Assigned: 2018-04-26
Published: 2018-04-26
Updated: 2022-06-29
Summary: Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-770
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2018-10237

Source: CCN
Type: IBM Security Bulletin 870980 (InfoSphere Data Replication)
InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 871890 (Spectrum Control Standard Edition)
Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 876202 (Watson Compare and Comply)
Vulnerability in IBM WebSphere Application Server Liberty affects IBM Watson Compare and Comply on IBM Cloud Private

Source: CCN
Type: IBM Security Bulletin 879347 (Security AppScan Enterprise)
Potential denial of service in WebSphere Application Server (CVE-2018-10237) affects IBM Security AppScan Enterprise

Source: CCN
Type: IBM Security Bulletin 880537 (Algo Credit Manager)
IBM Algo Credit Manager Is Affected by a Denial of Service Vulnerability in WebSphere Liberty

Source: CCN
Type: IBM Security Bulletin 881456 (Control Center)
Multiple Websphere Vulnerabilities Impact IBM Control Center (CVE-2018-3169, CVE-2014-7810, CVE-2018-1767)

Source: SECTRACK
Type: Broken Link
1041707

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2423

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2424

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2425

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2428

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2598

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2643

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2740

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2741

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2742

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2743

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:2927

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:2858

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3149

Source: XF
Type: UNKNOWN
google-cve201810237-dos(142508)

Source: CCN
Type: guava GIT Repository
Google Guava

Source: CONFIRM
Type: Vendor Advisory
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion

Source: CCN
Type: Google Groups Web site
Denial of Service vulnerability for servers that use Guava and deserialize attacker data

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar

Source: MLIST
Type: Mailing List, Third Party Advisory
[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project

Source: MLIST
Type: Mailing List, Third Party Advisory
[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability

Source: MLIST
Type: Mailing List, Third Party Advisory
[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: MLIST
Type: Mailing List, Third Party Advisory
[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: MLIST
Type: Mailing List, Third Party Advisory
[lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10

Source: MLIST
Type: Mailing List, Third Party Advisory
[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version

Source: MLIST
Type: Mailing List, Third Party Advisory
[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20220629-0008/

Source: CCN
Type: IBM Security Bulletin 793597 (WebSphere Application Server in Cloud)
Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 795696 (WebSphere Application Server)
Potential denial of service in WebSphere Application Server (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 871774 (Liberty for Java for Bluemix)
Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 878268 (Spectrum Scale)
A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 879923 (Endpoint Manager for Lifecycle Management)
Server Automation is affected by the following vulnerability exposures (CVE-2014-7810, CVE-2018-1767, CVE-2018-1901, CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 880291 (Watson OpenScale)
Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)

Source: CCN
Type: IBM Security Bulletin 880351 (Elastic Storage Server)
A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 880687 (BigFix Remote Control)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime and Liberty affect IBM BigFix Remote Control

Source: CCN
Type: IBM Security Bulletin 882556 (Rational License Key Server)
Security Vulnerability in IBM WebSphere Application Server Liberty affects IBM Rational License Key Server Administration & Reporting Tool and Agent

Source: CCN
Type: IBM Security Bulletin 883458 (Cloud App Management)
A vulnerability in Google Guava could affect IBM Cloud App Management V2018

Source: CCN
Type: IBM Security Bulletin 886175 (Cram Social Program Management)
Vulnerability in Google Guava affects IBM Cram Social Program Management (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 888617 (Sterling B2B Integrator)
IBM WebSphere Application Server Security Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4046, CVE-2018-1902, CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 1118463 (Cloud Pak System)
Vulnerability in Google Guava affects IBM Cloud Pak System (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 3106029 (StoredIQ)
Multiple Vulnerabilities identified in IBM StoredIQ

Source: CCN
Type: IBM Security Bulletin 6198380 (DB2 for Linux- UNIX and Windows)
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation.

Source: CCN
Type: IBM Security Bulletin 6210366 (Monitoring)
Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Source: CCN
Type: IBM Security Bulletin 6320051 (Security Guardium Insights)
IBM Security Guardium Insights is affected by a components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6320835 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6403331 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6404298 (WebSphere Service Registry and Repository)
Vulnerability in Google Guava affects WebSphere Service Registry and Repository (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 6416391 (Spectrum Symphony)
Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1

Source: CCN
Type: IBM Security Bulletin 6416393 (Spectrum Conductor)
Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0

Source: CCN
Type: IBM Security Bulletin 6444041 (SmartCloud Analytics)
A vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis Analysis (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 6444895 (Db2 Warehouse)
IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2

Source: CCN
Type: IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)
Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6524700 (Planning Analytics Workspace)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6572765 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)

Source: CCN
Type: IBM Security Bulletin 6575477 (Watson Speech Services Cartridge for Cloud Pak for Data)
A Google Guava vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6605881 (PureData System for Operational Analytics)
Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6606205 (Tivoli Netcool Manager)
There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.

Source: CCN
Type: IBM Security Bulletin 6854713 (Voice Gateway)
Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation)
Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6980395 (Sterling Order Management)
IBM Sterling Order Management Google Guave vulnerablity

Source: CCN
Type: IBM Security Bulletin 6984715 (Application Performance Management)
Multiple Vulnerabilities of Guava Google Core Libraries have affected APM Synthetic Playback Agent

Source: CCN
Type: IBM Security Bulletin 6984959 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to denial of service and security bypass (CVE-2018-10237, CVE-2020-8908)

Source: CCN
Type: IBM Security Bulletin 6987499 (Business Automation Workflow traditional)
Multiple vulnerabilities in DITA may affect IBM Business Automation Workflow and IBM Case Manager

Source: CCN
Type: IBM Security Bulletin 6988655 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Google Guava (CVE-2018-10237, CVE-2020-8908)

Source: CCN
Type: IBM Security Bulletin 7005947 (Storage Protect)
IBM Storage Protect Server is vulnerable to attacks due to Google guava (CVE-2020-8908, CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 7007839 (OpenPages with Watson)
IBM OpenPages with Watson is Vulnerable to Guava Denial of Service Error (CVE-2018-10237)

Source: CCN
Type: IBM Security Bulletin 879981 (InfoSphere Streams)
Vulnerabilities in Google Guava 11.0 through 24.x before 24.1.1

Source: CCN
Type: IBM Security Bulletin 879981 (Streams)
Vulnerabilities in Google Guava 11.0 through 24.x before 24.1.1

Source: CCN
Type: Oracle CPUApr2020
Oracle Critical Patch Update Advisory - April 2020

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-10237

Vulnerable Configuration: Configuration 1:
  • cpe:/a:google:guava:*:*:*:*:*:*:*:* (Version >= 11.0 and < 24.1.1)

  • Configuration 2:
  • cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:virtualization:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:satellite:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openstack:13:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:virtualization:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_payments:*:*:*:*:*:*:*:* (Version >= 14.1.0 and <= 14.4.0)
  • OR cpe:/a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:18c:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:google:guava:11.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:guava:24.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:algo_credit_manager:5.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:endpoint_manager:*:*:*:*:lifecycle_management:*:*:*
  • OR cpe:/a:ibm:bigfix_remote_control:9.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:infosphere_data_replication:11.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_compare_&_comply:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:4.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_compare_&_comply:1.1.3:*:cloud_private:*:data:*:*:*
  • OR cpe:/a:ibm:security_appscan:9.0.3.12:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_analytics:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_analytics:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_analytics:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_analytics:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_analytics:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_license_key_server:8.1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_openscale:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:7.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:7.0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:7.0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams:4.1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams:4.2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams:4.3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:case_manager:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*

  • * Denotes that component is vulnerable
    google guava *
    redhat virtualization host 4.0
    redhat virtualization 4.2
    redhat openshift container platform 3.11
    redhat satellite 6.4
    redhat openstack 13
    redhat satellite capsule 6.4
    redhat jboss enterprise application platform 6.0.0
    redhat jboss enterprise application platform 7.1.0
    redhat jboss enterprise application platform 6.4.0
    redhat virtualization host 4.0
    redhat virtualization 4.0
    redhat openshift container platform 4.1
    redhat enterprise linux 7.0
    redhat jboss enterprise application platform 6.0.0
    redhat jboss enterprise application platform 6.4.0
    redhat enterprise linux 5.0
    redhat jboss enterprise application platform 6.0.0
    redhat jboss enterprise application platform 7.1.0
    redhat jboss enterprise application platform 6.4.0
    redhat enterprise linux 6.0
    oracle flexcube investor servicing 12.3.0
    oracle flexcube investor servicing 12.1.0
    oracle retail xstore point of service 15.0
    oracle flexcube private banking 12.1.0
    oracle retail xstore point of service 7.1
    oracle flexcube private banking 12.0.0
    oracle retail integration bus 15.0
    oracle weblogic server 12.2.1.3.0
    oracle database server 12.2.0.1
    oracle banking payments *
    oracle communications ip service activator 7.3.0
    oracle communications ip service activator 7.4.0
    oracle customer management and segmentation foundation 18.0
    oracle database server 18c
    oracle database server 19c
    oracle flexcube investor servicing 12.4.0
    oracle flexcube investor servicing 14.0.0
    oracle flexcube investor servicing 14.1.0
    oracle retail integration bus 16.0
    oracle retail xstore point of service 16.0
    oracle retail xstore point of service 17.0
    google guava 11.0
    google guava 24.1
    ibm websphere application server 8.5.5
    ibm sterling b2b integrator -
    ibm websphere service registry and repository 8.5
    oracle weblogic server 12.1.3.0.0
    ibm db2 11.1
    ibm db2 11.1
    ibm db2 11.1
    ibm rational rhapsody design manager 6.0.2
    ibm rational license key server 8.1.5
    ibm spectrum scale 4.2.3
    ibm algo credit manager 5.4
    oracle weblogic server 12.2.1.3.0
    oracle retail xstore point of service 15.0
    oracle retail xstore point of service 16.0
    oracle retail xstore point of service 7.1
    ibm rational license key server 8.1.5.1
    ibm rational license key server 8.1.5.2
    ibm monitoring 8.1.4
    ibm endpoint manager *
    ibm bigfix remote control 9.1.4
    ibm infosphere information server 11.7
    ibm spectrum scale 5.0.0
    ibm spectrum protect plus 10.1.0
    ibm rational license key server 8.1.5.3
    oracle retail integration bus 15.0
    oracle retail integration bus 16.0
    ibm websphere application server in cloud 8.5
    ibm websphere application server in cloud 9.0
    ibm websphere application server
    ibm websphere application server in cloud *
    ibm elastic storage server 4.0.0
    ibm elastic storage server 4.0.6
    ibm elastic storage server 4.5.0
    ibm elastic storage server 4.6.0
    ibm elastic storage server 5.0.0
    ibm elastic storage server 5.3
    ibm storediq 7.6.0
    ibm control center 6.0.0.0
    ibm control center 6.1.0.0
    ibm rational license key server 8.1.5.4
    ibm rational license key server 8.1.5.5
    ibm websphere application server 8.5
    ibm websphere application server 9.0
    ibm infosphere data replication 11.4
    ibm sterling b2b integrator 6.0.0.0
    ibm watson compare & comply 1.0.4
    ibm infosphere streams 3.2.1.6
    ibm infosphere streams 4.0.1.6
    ibm watson compare & comply 1.1.3
    ibm security appscan 9.0.3.12
    ibm elastic storage server 5.2.5
    ibm elastic storage server 5.3.2.1
    ibm smartcloud analytics 1.3.1
    ibm smartcloud analytics 1.3.2
    ibm smartcloud analytics 1.3.3
    ibm smartcloud analytics 1.3.4
    ibm smartcloud analytics 1.3.5
    ibm rational license key server 8.1.5.6
    ibm watson openscale 1.0.1
    ibm curam social program management 7.0.0.0
    ibm curam social program management 7.0.4.0
    ibm curam social program management 7.0.5.0
    ibm curam social program management 7.0.6.0
    oracle retail xstore point of service 17.0
    ibm sterling b2b integrator 6.0.1.0
    ibm application performance management 8.1.4
    ibm streams 4.1.1.8
    ibm streams 4.2.1.6
    ibm streams 4.3.0.2
    ibm db2 11.1
    ibm db2 11.1
    ibm db2 11.1
    ibm db2 11.5
    ibm db2 11.5
    ibm db2 11.5
    ibm cloud pak system 2.3
    ibm cloud pak system 2.3.0.1
    ibm voice gateway 1.0.2
    ibm voice gateway 1.0.3
    ibm mobilefirst platform foundation 8.0.0.0
    ibm voice gateway 1.0.2.4
    ibm voice gateway 1.0.4
    ibm security guardium 11.1
    ibm voice gateway 1.0.5
    ibm db2 11.5
    ibm db2 11.5
    ibm db2 11.5
    ibm security guardium insights 2.0.1
    ibm security guardium data encryption 3.0.0.2
    ibm security guardium 11.2
    ibm voice gateway 1.0.7
    ibm security guardium 11.3
    ibm security guardium 11.4
    ibm planning analytics workspace 2.0
    ibm business automation workflow 20.0.0.1
    ibm business automation workflow 20.0.0.2
    ibm business automation workflow 21.0.1
    ibm case manager 5.3.3
    ibm security verify governance 10.0
    ibm business automation workflow 22.0.1
    ibm business automation workflow 21.0.3.1
    ibm business automation workflow 22.0.2