Vulnerability Name: CVE-2018-15756 (CCN-151641) Assigned: 2018-10-16 Published: 2018-10-16 Updated: 2022-05-13 Summary: Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2018-15756 IBM Algo Credit Manager Is Affected by a Pivotal Spring Framework Vulnerability Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786) Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756) Oracle Critical Patch Update Advisory - April 2019 Oracle Critical Patch Update Advisory - July 2019 Oracle Critical Patch Update Advisory - October 2019 105703 Spring Framework CVE-2018-15756 Denial-Of-Service Vulnerability pivotal-cve201815756-dos(151641) [activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756 [debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update CVE-2018-15756: DoS Attack via Range Requests https://pivotal.io/security/cve-2018-15756 FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756) Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756) IBM Security Guardium is affected by a Spring Framework vulnerability IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756) Resilient is vulnerable to Using Components with Known Vulnerabilities Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6 N/A Oracle Critical Patch Update Advisory - April 2020 N/A Oracle Critical Patch Update Advisory - January 2020 https://www.oracle.com/security-alerts/cpujan2020.html Oracle Critical Patch Update Advisory - January 2021 https://www.oracle.com/security-alerts/cpujan2021.html Oracle Critical Patch Update Advisory - July 2020 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html CVE-2018-15756 Vulnerable Configuration: Configuration 1 :cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 4.2.0 and < 4.3.20)OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.0.10) OR cpe:/a:vmware:spring_framework:5.1.0:*:*:*:*:*:*:* Configuration 2 :cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* OR cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_for_fusion_applications:13.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version <= 4.0.12) OR cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.20) OR cpe:/a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* OR cpe:/a:oracle:rapid_planning:12.1:*:*:*:*:*:*:* OR cpe:/a:oracle:rapid_planning:12.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_converged_application_server_-_service_controller:6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* (Version >= 8.0.2 and <= 8.0.8) OR cpe:/a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:9.7:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_analytics:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:* Configuration 3 :cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:pivotal:spring_framework:5.0.0:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:4.3:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:4.3.19:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:5.0.9:*:*:*:*:*:*:* OR cpe:/a:pivotal:spring_framework:5.1:*:*:*:*:*:*:* AND cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:* OR cpe:/a:ibm:algo_credit_manager:5.4:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm_framework:9.3.5:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm_framework:9.3.4:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tririga_application_platform:3.5.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.5:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:* OR cpe:/a:ibm:content_navigator:3.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_test_workbench:9.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_test_workbench:9.2.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_license_key_server:8.1.5.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tririga_application_platform:3.6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_gateway:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:10.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_calculation_engine:9.7:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_analytics:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:* OR cpe:/a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:* BACK
vmware spring framework *
vmware spring framework *
vmware spring framework 5.1.0
oracle flexcube private banking 12.1.0
oracle insurance policy administration j2ee 10.2.0
oracle retail xstore point of service 7.1
oracle weblogic server 12.1.3.0.0
oracle retail invoice matching 13.0
oracle flexcube private banking 12.0.1
oracle primavera gateway 16.2
oracle primavera gateway 15.2
oracle retail invoice matching 12.0
oracle flexcube private banking 12.0.3
oracle communications unified inventory management 7.3
oracle endeca information discovery integrator 3.2.0
oracle enterprise manager ops center 12.3.3
oracle healthcare master person index 3.0
oracle insurance calculation engine 10.2
oracle insurance rules palette 10.0
oracle insurance rules palette 10.1
oracle insurance rules palette 10.2
oracle insurance rules palette 10.2.0
oracle insurance rules palette 11.0
oracle retail integration bus 15.0
oracle retail order broker 5.1
oracle retail order broker 5.2
oracle retail order broker 15.0
oracle retail order broker 16.0
oracle retail predictive application server 16.0
oracle retail service backbone 15.0
oracle webcenter sites 12.2.1.3.0
oracle weblogic server 10.3.6.0.0
oracle weblogic server 12.2.1.3.0
oracle agile plm 9.3.3
oracle agile plm 9.3.4
oracle agile plm 9.3.5
oracle agile plm 9.3.6
oracle communications converged application server - service controller 6.1
oracle communications element manager 8.1.1
oracle communications element manager 8.2.0
oracle communications element manager 8.2.1
oracle communications online mediation controller 6.1
oracle communications session report manager 8.1.1
oracle communications session report manager 8.2.0
oracle communications session report manager 8.2.1
oracle communications session route manager 8.1.1
oracle communications session route manager 8.2.0
oracle communications session route manager 8.2.1
oracle communications unified inventory management 7.4.0
oracle enterprise manager for fusion applications 13.3.0.0
oracle goldengate application adapters 12.3.2.1.0
oracle identity manager connector 9.0
oracle insurance policy administration j2ee 10.0
oracle insurance policy administration j2ee 10.2
oracle mysql enterprise monitor *
oracle mysql enterprise monitor *
oracle primavera gateway 17.12
oracle rapid planning 12.1
oracle rapid planning 12.2
oracle retail assortment planning 15.0
oracle retail assortment planning 16.0
oracle retail clearance optimization engine 14.0.5
oracle retail financial integration 14.0
oracle retail financial integration 14.1
oracle retail financial integration 15.0
oracle retail financial integration 16.0
oracle retail integration bus 16.0
oracle retail invoice matching 13.1
oracle retail invoice matching 13.2
oracle retail invoice matching 14.0
oracle retail invoice matching 14.1
oracle retail predictive application server 15.0.3
oracle weblogic server 12.2.1.4.0
oracle communications brm - elastic charging engine 11.3
oracle communications brm - elastic charging engine 12.0
oracle communications converged application server - service controller 6.0
oracle communications diameter signaling router 8.0.0
oracle communications diameter signaling router 8.1
oracle communications diameter signaling router 8.2
oracle communications diameter signaling router 8.2.1
oracle communications session report manager 8.0.0
oracle communications session report manager 8.1.0
oracle communications session route manager 8.0.0
oracle communications session route manager 8.1.0
oracle financial services analytical applications infrastructure *
oracle healthcare master person index 4.0.2
oracle insurance calculation engine 9.7
oracle insurance calculation engine 10.0
oracle insurance calculation engine 10.1
oracle insurance policy administration j2ee 10.1
oracle insurance policy administration j2ee 10.2.4
oracle insurance policy administration j2ee 11.0
oracle insurance policy administration j2ee 11.1.0
oracle insurance policy administration j2ee 11.2.0
oracle insurance rules palette 10.2.4
oracle insurance rules palette 11.0.2
oracle insurance rules palette 11.1.0
oracle insurance rules palette 11.2.0
oracle primavera analytics 18.8
oracle primavera gateway 18.8.0
oracle retail advanced inventory planning 15.0
oracle retail integration bus 15.0.3
oracle retail integration bus 16.0.3
oracle retail markdown optimization 13.4.4
oracle retail predictive application server 14.0.3
oracle retail predictive application server 14.0.3.26
oracle retail predictive application server 14.1.3
oracle retail predictive application server 14.1.3.37
oracle retail predictive application server 15.0.3.100
oracle retail predictive application server 16.0.3
oracle retail service backbone 16.0
oracle retail service backbone 16.0.1
oracle tape library acsls 8.5
debian debian linux 9.0
pivotal spring framework 5.0.0
pivotal spring framework 4.3
pivotal spring framework 4.3.19
pivotal spring framework 5.0.9
pivotal spring framework 5.1
ibm tivoli application dependency discovery manager 7.2.2
ibm tivoli application dependency discovery manager 7.3
ibm security guardium 10
oracle weblogic server 10.3.6.0.0
oracle weblogic server 12.1.3.0.0
ibm watson explorer 11.0.2
ibm rational license key server 8.1.5
oracle retail order broker cloud service 5.1
oracle retail order broker cloud service 5.2
oracle retail order broker cloud service 15.0
oracle retail order broker cloud service 16.0
oracle flexcube private banking 12.0.1
oracle primavera gateway 15.2
oracle primavera gateway 16.2
ibm algo credit manager 5.4
oracle weblogic server 12.2.1.3.0
oracle flexcube private banking 12.0.3
oracle flexcube private banking 12.1
oracle agile plm framework 9.3.5
oracle agile plm framework 9.3.6
oracle retail xstore point of service 7.1
oracle retail advanced inventory planning 15.0
oracle retail invoice matching 12.0
oracle retail invoice matching 13.0
oracle retail invoice matching 13.1
oracle retail invoice matching 13.2
oracle retail invoice matching 14.0
oracle retail invoice matching 14.1
oracle healthcare master person index 3.0
ibm rational license key server 8.1.5.1
ibm rational license key server 8.1.5.2
oracle agile product lifecycle management framework 9.3.3
oracle agile plm framework 9.3.4
oracle communications unified inventory management 7.3
oracle webcenter sites 12.2.1.3.0
ibm rational license key server 8.1.5.3
ibm qradar security information and event manager 7.2
ibm qradar security information and event manager 7.3
ibm security guardium 10.5
ibm tririga application platform 3.5.3
oracle retail financial integration 14.0
oracle retail financial integration 14.1
oracle retail financial integration 15.0
oracle retail financial integration 16.0
oracle communications diameter signaling router 8
oracle retail integration bus 15.0
oracle retail integration bus 16.0
oracle insurance policy administration j2ee 10.0
oracle insurance policy administration j2ee 10.1
oracle insurance policy administration j2ee 10.2
oracle insurance policy administration j2ee 11.0
ibm watson explorer 12.0.0
oracle primavera gateway 17.12
oracle insurance rules palette 10.0
oracle insurance rules palette 10.1
oracle insurance rules palette 10.2
oracle insurance rules palette 11.0
ibm rational license key server 8.1.5.4
ibm rational license key server 8.1.5.5
oracle communications online mediation controller 6.1
oracle insurance calculation engine 10.2
oracle financial services analytical applications infrastructure 8.0.8
ibm content navigator 3.0.4
ibm rational test workbench 9.2.1
ibm rational test workbench 9.2.1.1
ibm watson explorer 12.0.1
ibm watson explorer 12.0.2
ibm rational license key server 8.1.5.6
ibm tririga application platform 3.6.0
oracle primavera gateway 18.8
oracle insurance calculation engine 10.0
oracle insurance calculation engine 10.1
oracle insurance calculation engine 9.7
oracle communications diameter signaling router 8.1
oracle communications diameter signaling router 8.2
oracle primavera analytics 18.8
oracle mysql enterprise monitor 8.0.14
oracle identity manager connector 9.0
oracle communications session report manager 8.0.0
oracle communications session report manager 8.1.0
oracle communications session report manager 8.1.1
oracle communications session route manager 8.0.0
oracle communications session route manager 8.1.0
oracle communications session route manager 8.1.1
oracle communications diameter signaling router 8.2.1
ibm security guardium data encryption 3.0.0.2
Denotes that component is vulnerable