Vulnerability Name: CVE-2020-13956 (CCN-189572)
Assigned: 2020-10-08
Published: 2020-10-08
Updated: 2022-05-12

Summary: Apache HttpClient versions prior to 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution.

CVSS v3 Severity:
5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
The metric breakdown is the same for all three sources:
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
The metric breakdown is the same for both sources:
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None

Vulnerability Type: CWE-noinfo CWE-20
Vulnerability Consequences: Bypass Security

References:
Source: MITRE | Type: CNA | CVE-2020-13956
Source: CCN | Type: Apache Web site | HttpClient
Source: XF | Type: UNKNOWN | apache-httpclient-cve202013956-sec-bypass(189572)
Source: MLIST | Type: Mailing List, Vendor Advisory | [maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Patch, Vendor Advisory | [creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MISC | Type: Mailing List, Vendor Advisory | https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)
Source: MLIST | Type: Mailing List, Vendor Advisory | [creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?
Source: MLIST | Type: Mailing List, Vendor Advisory | [jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956
Source: MLIST | Type: Mailing List, Vendor Advisory | [hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956
Source: CCN | Type: oss-sec Mailing List, Thu, 08 Oct 2020 12:56:47 +0200 | [CVE-2020-13956] Apache HttpClient incorrect handling of malformed URI authority component
Source: CONFIRM | Type: Third Party Advisory | https://security.netapp.com/advisory/ntap-20220210-0002/
Source: CCN | Type: IBM Security Bulletin 6365331 (Content Navigator) | Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpClient (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6378034 (Business Automation Workflow) | Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow - CVE-2020-4687, CVE-2020-4760, CVE-2020-4704
Source: CCN | Type: IBM Security Bulletin 6405942 (Spectrum Scale) | A vulnerability has been identified in Apache HttpClient shipped with IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6415993 (Spectrum Control) | Vulnerabilities in XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js affect IBM Spectrum Control
Source: CCN | Type: IBM Security Bulletin 6416133 (Watson Discovery) | IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache HttpClient
Source: CCN | Type: IBM Security Bulletin 6416393 (Spectrum Conductor) | Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0
Source: CCN | Type: IBM Security Bulletin 6430643 (Planning Analytics) | IBM Planning Analytics Workspace is affected by security vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6435175 (Tivoli Netcool Impact) | IBM Tivoli Netcool Impact is affected by an Apache HttpClient vulnerability (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6437587 (InfoSphere Information Server) | IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient
Source: CCN | Type: IBM Security Bulletin 6445703 (Spectrum Protect Plus) | Vulnerabilities in Apache and Node.js affect IBM Spectrum Protect Plus
Source: CCN | Type: IBM Security Bulletin 6453455 (Control Center) | Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)
Source: CCN | Type: IBM Security Bulletin 6457739 (Rational DOORS Next Generation) | Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products.
Source: CCN | Type: IBM Security Bulletin 6471577 (Secure Proxy) | Multiple Vulnerabilities were detected in IBM Secure Proxy
Source: CCN | Type: IBM Security Bulletin 6471615 (Secure External Authentication Server) | Multiple Vulnerabilities were detected in IBM Secure External Authentication Server
Source: CCN | Type: IBM Security Bulletin 6474843 (QRadar SIEM) | IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6479907 (Disconnected Log Collector) | IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6482275 (Cloud Pak for Multicloud Management Monitoring) | IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient
Source: CCN | Type: IBM Security Bulletin 6502211 (Security Access Manager Appliance) | Multiple Security Vulnerabilities Have been addressed in IBM Security Access Manager
Source: CCN | Type: IBM Security Bulletin 6525250 (Spectrum Copy Data Management) | Vulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel affect IBM Spectrum Copy Data Management
Source: CCN | Type: IBM Security Bulletin 6551876 (Cloud Pak for Security) | Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
Source: CCN | Type: IBM Security Bulletin 6559698 (Watson Speech Services Cartridge for Cloud Pak for Data) | A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Source: CCN | Type: IBM Security Bulletin 6570915 (Data Risk Manager) | IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)
Source: CCN | Type: IBM Security Bulletin 6579917 (Robotic Process Automation) | Multiple Vulnerabilities may affect IBM Robotic Process Automation
Source: CCN | Type: IBM Security Bulletin 6616291 (TRIRIGA Application Platform) | IBM TRIRIGA Application Platform discloses CVE-2020-13956
Source: CCN | Type: IBM Security Bulletin 6616303 (TRIRIGA Application Platform) | IBM TRIRIGA Application Platform discloses CVE-2020-13956
Source: CCN | Type: IBM Security Bulletin 6616305 (TRIRIGA Application Platform) | IBM TRIRIGA Application Platform discloses CVE-2020-13956
Source: CCN | Type: IBM Security Bulletin 6619095 (Intelligent Operations Center) | A vulnerability found in Apache HttpClient which is shipped with IBM Intelligent Operations Center (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6826617 (Tivoli Netcool/Impact) | A security vulnerability has been identified in Apache HttpClient shipped with IBM Tivoli Netcool Impact (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6826619 (Tivoli Business Service Manager) | A vulnerability in Apache HttpClient affects IBM Tivoli Business Service Manager (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6831813 (Netcool Operations Insight) | Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.
Source: CCN | Type: IBM Security Bulletin 6840687 (Log Analysis) | Potential Vulnerability in Apache HttpClient used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6848225 (Netcool Operations Insight) | Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.
Source: CCN | Type: IBM Security Bulletin 6852455 (Sterling B2B Integrator) | IBM Sterling B2B Integrator is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6890673 (Voice Gateway) | Multiple Vulnerabilities in Java packages affect IBM Voice Gateway
Source: CCN | Type: IBM Security Bulletin 6954405 (Sterling Global Mailbox) | IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)
Source: CCN | Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation) | Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform
Source: CCN | Type: IBM Security Bulletin 6956846 (B2B Advanced Communications) | IBM B2B Advanced Communications is vulnerable to multiple issues due to Apache HttpClient
Source: CCN | Type: IBM Security Bulletin 6963075 (Security Guardium) | IBM Security Guardium is affected by multiple vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6967183 (Cloud Pak System Software Suite) | Multiple vulnerabilities in Open Source software used by Cloud Pak System
Source: CCN | Type: IBM Security Bulletin 7003887 (Application Performance Management) | Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent
Source: N/A | Type: Patch, Third Party Advisory | N/A
Source: CCN | Type: Oracle Critical Patch Update Advisory - April 2021 | Oracle Critical Patch Update Advisory - April 2021
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuApr2021.html
Source: CCN | Type: Oracle CPUApr2022 | Oracle Critical Patch Update Advisory - April 2022
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuapr2022.html
Source: CCN | Type: Oracle CPUJan2022 | Oracle Critical Patch Update Advisory - January 2022
Source: MISC | Type: Third Party Advisory | https://www.oracle.com/security-alerts/cpujan2022.html
Source: CCN | Type: Oracle CPUJul2021 | Oracle Critical Patch Update Advisory - July 2021
Source: CCN | Type: Oracle CPUOct2021 | Oracle Critical Patch Update Advisory - October 2021
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:

Configuration 1:
cpe:/a:apache:httpclient:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.0.3)
OR cpe:/a:apache:httpclient:*:*:*:*:*:*:*:* (Version < 4.5.13)

Configuration 2:
cpe:/a:quarkus:quarkus:*:*:*:*:*:*:*:* (Version < 1.7.6)

Configuration 3:
cpe:/a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
OR cpe:/a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12)
OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
OR cpe:/a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
OR cpe:/a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* (Version < 9.2.6.0)
OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.6.0)
OR cpe:/a:oracle:nosql_database:*:*:*:*:*:*:*:* (Version < 20.3)
OR cpe:/a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
OR cpe:/a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
OR cpe:/a:oracle:peoplesoft_enterprise_pt_peopletools:8.59:*:*:*:*:*:*:*
OR cpe:/a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:* (Version >= 16.0 and <= 19.0)
OR cpe:/a:oracle:spatial_studio:*:*:*:*:*:*:*:* (Version < 20.1.1)
OR cpe:/a:oracle:sql_developer:*:*:*:*:*:*:*:* (Version < 20.4.1.407.0006)

Configuration 4:
cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*
OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Configuration 5:
cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
OR cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
OR cpe:/a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
OR cpe:/a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
OR cpe:/a:oracle:sql_developer:*:*:*:*:*:*:*:* (Version < 21.99)

Configuration RedHat 1:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:
cpe:/a:apache:httpclient:4.5.12:*:*:*:*:*:*:*
OR cpe:/a:apache:httpclient:5.0.2:*:*:*:*:*:*:*
AND
cpe:/a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:19.0.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_scale:1.1.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:19.0.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:secure_proxy:6.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*
OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
OR cpe:/a:ibm:control_center:6.2.0.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_control:5.4.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:watson_discovery:2.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.20:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:secure_proxy:3.4.3.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:secure_proxy:6.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:secure_external_authentication_server:2.4.3.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:secure_external_authentication_server:6.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:secure_external_authentication_server:6.0.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p8:*:*:*:*:*:*
OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:spectrum_copy_data_management:2.2.13:*:*:*:*:*:*:*
OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:*
OR cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:sterling_b2b_integrator:6.1.2.0:*:*:*:standard:*:*:*
OR cpe:/a:ibm:multi-enterprise_integration_gateway:1.0.0.1:*:*:*:*:*:*:*

apache httpclient *
apache httpclient *
quarkus quarkus *
oracle primavera unifier 16.2
oracle primavera unifier 16.1
oracle peoplesoft enterprise peopletools 8.57
oracle primavera unifier 18.8
oracle data integrator 12.2.1.3.0
oracle primavera unifier *
oracle peoplesoft enterprise peopletools 8.58
oracle primavera unifier 19.12
oracle data integrator 12.2.1.4.0
oracle primavera unifier 20.12
oracle jd edwards enterpriseone orchestrator *
oracle jd edwards enterpriseone tools *
oracle nosql database *
oracle peoplesoft enterprise pt peopletools 8.57
oracle peoplesoft enterprise pt peopletools 8.58
oracle peoplesoft enterprise pt peopletools 8.59
oracle retail customer management and segmentation foundation *
oracle spatial studio *
oracle sql developer *
netapp snapcenter -
netapp active iq unified manager -
netapp active iq unified manager -
netapp active iq unified manager -
oracle weblogic server 12.2.1.4.0
oracle weblogic server 14.1.1.0.0
oracle commerce guided search 11.3.2
oracle communications cloud native core service communication proxy 1.14.0
oracle sql developer *
apache httpclient 4.5.12
apache httpclient 5.0.2
ibm tririga application platform 2.7
ibm tivoli netcool/impact 7.1.0
ibm infosphere information server 11.5
ibm rational doors next generation 6.0.2
oracle primavera unifier 16.1
oracle primavera unifier 16.2
ibm infosphere information server 11.7
ibm spectrum protect plus 10.1.0
ibm security guardium 10.5
oracle primavera unifier 17.12
oracle primavera unifier 18.8
oracle peoplesoft enterprise peopletools 8.57
ibm qradar security information and event manager 7.3.0
ibm sterling b2b integrator 6.0.0.0
ibm security guardium 10.6
ibm business automation workflow 19.0.0.1
ibm tivoli business service manager 6.2.0
ibm intelligent operations center 5.1.0
ibm intelligent operations center 5.1.0.2
ibm intelligent operations center 5.1.0.3
ibm intelligent operations center 5.1.0.4
ibm intelligent operations center 5.1.0.6
ibm spectrum scale 1.1.1.0
ibm application performance management 8.1.4
ibm business automation workflow 19.0.0.2
ibm spectrum control 5.3.1
ibm spectrum control 5.3.2
ibm spectrum control 5.3.3
ibm spectrum control 5.3.0.1
ibm tivoli netcool/impact 7.1.0.0
ibm watson discovery 2.0.0
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm business automation workflow 19.0.0.3
ibm mobilefirst platform foundation 8.0.0.0
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm rational doors next generation 7.0
ibm voice gateway 1.0.5
ibm log analysis 1.3.5.3
ibm log analysis 1.3.6.0
ibm intelligent operations center 5.2
ibm intelligent operations center 5.2.1
ibm spectrum control 5.3.4
ibm spectrum control 5.3.5
ibm spectrum control 5.3.6
ibm spectrum control 5.3.7
ibm secure proxy 6.0.1
ibm log analysis 1.3.6.1
ibm qradar security information and event manager 7.4.0
ibm business automation workflow 20.0.0.1
ibm voice gateway 1.0.6
ibm sterling b2b integrator 6.1.0.0
ibm control center 6.2.0.0
ibm spectrum protect plus 10.1.7
ibm spectrum control 5.4.1
ibm watson discovery 2.2.0
ibm voice gateway 1.0.7
ibm planning analytics 2.0
ibm tivoli netcool/impact 7.1.0.20
ibm security guardium 11.3
ibm secure proxy 3.4.3.2
ibm secure proxy 6.0.2
ibm secure external authentication server 2.4.3.2
ibm secure external authentication server 6.0.1
ibm secure external authentication server 6.0.2
ibm qradar security information and event manager 7.4.3 -
ibm qradar security information and event manager 7.3.3 p8
ibm cloud pak for security 1.7.2.0
ibm spectrum copy data management 2.2.13
ibm security guardium 11.4
ibm sterling b2b integrator 6.1.1.0
ibm robotic process automation 21.0.1
ibm sterling b2b integrator 6.1.2.0
ibm multi-enterprise integration gateway 1.0.0.1