Vulnerability Name:

CVE-2020-10683 (CCN-181356)

Assigned:2020-03-28
Published:2020-03-28
Updated:2022-07-25
Summary:dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-611
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-10683

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2020:0719

Source: CCN
Type: Red Hat Bugzilla – Bug 1694235
(CVE-2020-10683) - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Source: MISC
Type: Third Party Advisory
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html

Source: CCN
Type: dom4j GIT Repository
dom4j

Source: XF
Type: UNKNOWN
dom4j-cve202010683-xxe-info-disc(181356)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dom4j/dom4j/commits/version-2.0.3

Source: MISC
Type: Third Party Advisory
https://github.com/dom4j/dom4j/issues/87

Source: CONFIRM
Type: Release Notes, Third Party Advisory
https://github.com/dom4j/dom4j/releases/tag/version-2.1.3

Source: MLIST
Type: Mailing List, Third Party Advisory
[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683

Source: MLIST
Type: Mailing List, Third Party Advisory
[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683

Source: MLIST
Type: Mailing List, Third Party Advisory
[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200518-0002/

Source: UBUNTU
Type: Third Party Advisory
USN-4575-1

Source: CCN
Type: IBM Security Bulletin 6324845 (Resilient OnPrem)
BM Resilient SOAR is Using Components with Known Vulnerabilities - dom4j (CVE-2020-10683)

Source: CCN
Type: IBM Security Bulletin 6356447 (QRadar SIEM)
Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000632, CVE-2020-10683)

Source: CCN
Type: IBM Security Bulletin 6367943 (Spectrum Protect Plus)
Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6508583 (Rational DOORS Next Generation)
Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6525182 (Spectrum Copy Data Management)
Vulnerabilities in Jackson, jQuery, and Dom4j affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6570863 (Tivoli Netcool/OMNIbus)
Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI (CVE-2020-10683, CVE-2021-23450)

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6597241 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6602029 (Security Verify Information Queue)
IBM Security Verify Information Queue uses a dom4j version with improper XXE restrictions (CVE-2020-10683)

Source: CCN
Type: IBM Security Bulletin 6616545 (Netcool Operations Insight)
Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6988889 (Atlas eDiscovery Process Management)
Atlas eDiscovery Process Management is affected by a vulnerable dom4j-1.6.1.jar

Source: CCN
Type: IBM Security Bulletin 7001793 (App Connect Enterprise Toolkit)
Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: UNKNOWN
N/A

Source: CCN
Type: Oracle CPUOct2020
Oracle Critical Patch Update Advisory - October 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:dom4j_project:dom4j:*:*:*:*:*:*:*:* (Version >= 2.1.0 and < 2.1.3)
  • OR cpe:/a:dom4j_project:dom4j:*:*:*:*:*:*:*:* (Version < 2.0.3)

    • Configuration 2:
  • cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* (Version >= 8.0.6 and <= 8.1.0)
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 17.1.0.0 and <= 17.12.17.1)
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 16.1.0.0 and <= 16.2.20.1)
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 18.1.0.0 and <= 18.8.19.0)
  • OR cpe:/a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 19.12.0.0 and <= 19.12.6.0)
  • OR cpe:/a:oracle:utilities_framework:*:*:*:*:*:*:*:* (Version >= 4.3.0.1.0 and <= 4.3.0.6.0)
  • OR cpe:/a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.2.2)
  • OR cpe:/a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:banking_platform:*:*:*:*:*:*:*:* (Version >= 2.4.0 and <= 2.10.0)
  • OR cpe:/a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:* (Version >= 11.1.0 and <= 11.3.0)
  • OR cpe:/a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:documaker:*:*:*:*:*:*:*:* (Version >= 12.6.0 and <= 12.6.4)
  • OR cpe:/a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:* (Version >= 11.1.0 and <= 11.3.0)

    • Configuration 3:
  • cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
  • OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*
  • OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

    • Configuration CCN 1:
  • cpe:/a:dom4j_project:dom4j:2.1.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:atlas_ediscovery_process_management:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:agile_plm_framework:9.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_information_queue:10.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:202010683
    V
    		CVE-2020-10683
    2023-06-22
    oval:org.opensuse.security:def:8004
    P
    		dom4j-1.6.1-150200.12.6.3 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:3671
    P
    		Security update for buildah (Moderate)
    2022-08-05
    oval:org.opensuse.security:def:3659
    P
    		Security update for python-numpy (Moderate)
    2022-08-03
    oval:org.opensuse.security:def:1389
    P
    		Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) (Important)
    2022-06-29
    oval:org.opensuse.security:def:3011
    P
    		apache2-mod_apparmor-2.8.2-51.18.3 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3021
    P
    		avahi-0.6.32-32.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3019
    P
    		autofs-5.1.3-1.17 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3005
    P
    		alsa-1.0.27.2-15.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3379
    P
    		sysvinit-tools-2.88+-101.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:2952
    P
    		ipmitool-1.8.18.238.gb7adc1d-150400.1.14 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2940
    P
    		graphviz-2.48.0-150400.1.165 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2934
    P
    		glib2-devel-2.70.4-150400.1.5 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2981
    P
    		libXi-devel-1.7.9-3.2.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2930
    P
    		ghostscript-9.52-161.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2972
    P
    		libQt5Svg5-5.15.2+kde16-150400.1.5 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95009
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2966
    P
    		less-590-150400.1.51 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:112169
    P
    		dom4j-1.6.1-33.6 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:64817
    P
    		Security update for clamav (Moderate)
    2021-12-06
    oval:org.opensuse.security:def:105701
    P
    		dom4j-1.6.1-33.6 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:49448
    P
    		Security update for nodejs10 (Moderate)
    2021-08-24
    oval:org.opensuse.security:def:63100
    P
    		postgresql10-10.16-8.29.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:1915
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101262
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63004
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72723
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100839
    P
    		gdk-pixbuf-loader-rsvg-2.46.5-3.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:49447
    P
    		Security update for php72 (Important)
    2021-08-06
    oval:org.opensuse.security:def:64705
    P
    		Security update for umoci (Important)
    2021-07-27
    oval:org.opensuse.security:def:64545
    P
    		Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:65571
    P
    		Security update for snakeyaml (Important)
    2021-06-07
    oval:org.opensuse.security:def:66806
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:49466
    P
    		Security update for python3 (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:64647
    P
    		Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:66714
    P
    		Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:117063
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62922
    P
    		perl-YAML-LibYAML-0.59-1.16 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72155
    P
    		libcups2-32bit-2.2.7-1.24 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62947
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62894
    P
    		crash-7.2.1-7.15 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:94126
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72666
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62890
    P
    		bsh2-2.0.0.b6-3.102 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62897
    P
    		cvs-1.12.12-2.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107505
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72271
    P
    		libgme-devel-0.6.2-1.17 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63596
    P
    		libwmf-0_2-7-0.2.8.4-2.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63393
    P
    		tomcat-9.0.5-1.34 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:1858
    P
    		dom4j-1.6.1-10.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:64438
    P
    		Security update for python-cryptography (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:50042
    P
    		xen on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:70057
    P
    		gstreamer-plugins-bad on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:70162
    P
    		dom4j on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64301
    P
    		libXfixes-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49944
    P
    		dovecot23 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:65996
    P
    		Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:50662
    P
    		Security update for openssl-1_1 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66088
    P
    		Security update for dom4j (Important)
    2020-12-01
    oval:org.opensuse.security:def:63972
    P
    		Security update for squid (Important)
    2020-12-01
    oval:org.opensuse.security:def:74892
    P
    		Security update for dom4j (Important)
    2020-12-01
    oval:org.opensuse.security:def:49798
    P
    		perl-Archive-Extract on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49776
    P
    		cargo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49830
    P
    		dom4j on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63743
    P
    		Security update for spamassassin (Important)
    2020-12-01
    oval:org.opensuse.security:def:49593
    P
    		ppp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73379
    P
    		firewall-applet on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50527
    P
    		Security update for supportutils (Important)
    2020-12-01
    oval:org.opensuse.security:def:52042
    P
    		Security update for gcc9 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50766
    P
    		Security update for perl (Important)
    2020-12-01
    oval:org.opensuse.security:def:50597
    P
    		Security update for gnutls (Important)
    2020-12-01
    oval:org.opensuse.security:def:50437
    P
    		Security update for mariadb, mariadb-connector-c (Important)
    2020-12-01
    oval:org.opensuse.security:def:52104
    P
    		Security update for dom4j (Important)
    2020-12-01
    oval:org.opensuse.security:def:68815
    P
    		Security update for openssl-1_0_0 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50693
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:68918
    P
    		Security update for dom4j (Important)
    2020-12-01
    oval:org.opensuse.security:def:50199
    P
    		libproxy1-config-gnome3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73497
    P
    		dom4j on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:65481
    P
    		Security update for rust (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74759
    P
    		Security update for yast2-rmt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64437
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:110554
    P
    		Security update for dom4j (Important)
    2020-05-26
    oval:org.opensuse.security:def:91683
    P
    		Security update for dom4j (Important)
    2020-05-22
    oval:org.opensuse.security:def:104592
    P
    		Security update for dom4j (Important)
    2020-05-22
    oval:org.opensuse.security:def:97902
    P
    		Security update for dom4j (Important)
    2020-05-22
    oval:org.opensuse.security:def:90937
    P
    		Security update for dom4j (Important)
    2020-05-22
    oval:org.opensuse.security:def:75298
    P
    		Security update for dom4j (Important)
    2020-05-22
    BACK
    dom4j_project dom4j *
    dom4j_project dom4j *
    oracle insurance policy administration j2ee 10.2.0
    oracle insurance rules palette 10.2.0
    oracle retail integration bus 15.0
    oracle webcenter portal 12.2.1.3.0
    oracle webcenter portal 11.1.1.9.0
    oracle utilities framework 4.2.0.3.0
    oracle utilities framework 4.2.0.2.0
    oracle utilities framework 2.2.0.0.0
    oracle flexcube core banking 11.7.0
    oracle business process management suite 12.2.1.3.0
    oracle endeca information discovery integrator 3.2.0
    oracle application testing suite 13.3.0.1
    oracle retail order broker 15.0
    oracle retail order broker 16.0
    oracle retail integration bus 16.0
    oracle retail customer management and segmentation foundation 16.0
    oracle retail customer management and segmentation foundation 17.0
    oracle retail customer management and segmentation foundation 18.0
    oracle enterprise data quality 12.2.1.3.0
    oracle data integrator 12.2.1.3.0
    oracle utilities framework 4.4.0.0.0
    oracle agile plm 9.3.3
    oracle agile plm 9.3.5
    oracle communications unified inventory management 7.4.0
    oracle fusion middleware 12.2.1.4.0
    oracle financial services analytical applications infrastructure *
    oracle webcenter portal 12.2.1.4.0
    oracle primavera p6 enterprise project portfolio management *
    oracle primavera p6 enterprise project portfolio management *
    oracle primavera p6 enterprise project portfolio management *
    oracle enterprise manager base platform 13.4.0.0
    oracle rapid planning 12.1
    oracle rapid planning 12.2
    oracle primavera p6 enterprise project portfolio management *
    oracle utilities framework *
    oracle utilities framework 4.4.0.2.0
    oracle retail customer management and segmentation foundation 19.0
    oracle communications diameter signaling router *
    oracle jdeveloper 12.2.1.4.0
    oracle communications unified inventory management 7.3.0
    oracle communications application session controller 3.9m0p1
    oracle data integrator 12.2.1.4.0
    oracle enterprise data quality 11.1.1.9.0
    oracle health sciences information manager 3.0.1
    oracle banking platform *
    oracle retail order broker 18.0
    oracle business process management suite 12.2.1.4.0
    oracle insurance rules palette 10.2.4
    oracle insurance rules palette 11.0.2
    oracle insurance policy administration j2ee 10.2.4
    oracle insurance policy administration j2ee 11.0.2
    oracle retail xstore point of service 16.0.6
    oracle retail xstore point of service 17.0.4
    oracle retail xstore point of service 18.0.3
    oracle health sciences empirica signal 9.0
    oracle insurance rules palette *
    oracle retail xstore point of service 15.0.4
    oracle storagetek tape analytics sw tool 2.3
    oracle retail price management 14.0.3
    oracle retail price management 14.1.3.0
    oracle retail price management 15.0.3.0
    oracle retail price management 16.0.3.0
    oracle retail order broker 19.0
    oracle retail order broker 19.1
    oracle documaker *
    oracle flexcube core banking 11.8.0
    oracle flexcube core banking 11.10.0
    oracle flexcube core banking 11.9.0
    oracle insurance policy administration j2ee *
    opensuse leap 15.1
    netapp snap creator framework -
    netapp snapcenter -
    netapp snapmanager -
    netapp snapmanager -
    netapp oncommand workflow automation -
    netapp oncommand api services -
    canonical ubuntu linux 16.04
    dom4j_project dom4j 2.1.2
    ibm atlas ediscovery process management 6.0.3
    ibm rational doors next generation 6.0.2
    oracle retail order broker cloud service 15.0
    oracle retail order broker cloud service 16.0
    oracle agile plm framework 9.3.5
    oracle utilities framework 2.2.0.0.0
    oracle utilities framework 4.2.0.2.0
    oracle utilities framework 4.2.0.3.0
    oracle utilities framework 4.3.0.3.0
    oracle webcenter portal 11.1.1.9.0
    oracle webcenter portal 12.2.1.3.0
    oracle agile product lifecycle management framework 9.3.3
    ibm spectrum protect plus 10.1.0
    oracle retail customer management and segmentation foundation 16.0
    ibm qradar security information and event manager 7.3
    oracle fusion middleware 12.2.1.3.0
    oracle retail customer management and segmentation foundation 17.0
    oracle retail integration bus 15.0
    oracle retail integration bus 16.0
    oracle business process management suite 12.2.1.3.0
    oracle jdeveloper 12.2.1.3.0
    oracle enterprise data quality 12.2.1.3.0
    oracle application testing suite 13.3.0.1
    oracle retail customer management and segmentation foundation 18.0
    oracle communications unified inventory management 7.4.0
    ibm qradar security information and event manager 7.4 -
    ibm rational doors next generation 7.0
    ibm spectrum protect plus 10.1.6
    ibm cognos analytics 11.2.0
    ibm cognos analytics 11.1.7
    ibm spectrum copy data management 2.2.13
    ibm cognos analytics 11.2.1
    ibm security verify information queue 10.0.2