Vulnerability Name: CVE-2021-29425 (CCN-199852) Assigned: 2021-04-12 Published: 2021-04-12 Updated: 2022-10-27 Summary: In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. CVSS v3 Severity: 4.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 4.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-22 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2021-29425 Apache Commons IO apache-cve202129425-dir-traversal(199852) https://issues.apache.org/jira/browse/IO-556 [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 [pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) [kafka-users] 20210617 vulnerabilities [myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix [creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425 [portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425 [creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity [zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 [creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity [zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 [creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425 [commons-user] 20210709 Re: commons-fileupload dependency and CVE [creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 [zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 [commons-dev] 20210415 Re: [all] OSS Fuzz [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) [creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425 [creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity [commons-user] 20210709 commons-fileupload dependency and CVE [creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425 [zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) [portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E [zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 [zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) [creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity [zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 [commons-dev] 20210414 Re: [all] OSS Fuzz [debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update CVE-2021-29425 (Possible limited path traversal in Apache Commons IO 2.2 to 2.6) https://security.netapp.com/advisory/ntap-20220210-0004/ A vulnerability have been identified in Apache Commons IO shipped with IBM Tivoli Netcool/OMNIbus Probe for Microsoft Exchange Web Services (CVE-2021-29425) Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO Vulnerability in Apache Commons affects Tivoli Netcool Impact (CVE-2021-29425) IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425) IBM Transparent Could Tiering is affected by a vulnerability in Apache Commons IO ( CVE-2021-29425) Apache Commons Vulnerability in Apache Commons IO may affect Cram Social Program Management (CVE-2021-29425) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons IO Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation Multiple Security Vulnerabilities Have been addressed in IBM Security Access Manager IBM Planning Analytics Workspace is affected by security vulnerabilities IBM QRadar SIEM is vulnerable to using components with know vulnerabilities Cloud Pak for Security uses packages that are vulnerable to multiple CVEs A Vulnerability In Apache Commons IO Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965) IBM Security Guardium is affected by path traversal and crypto vulnerabilities (CVE-2021-29425, CVE-2021-39076) Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to directory traversal due to its use of Apache Commons IO (CVE-2021-29425) IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835) IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758) IBM Sterling B2B Integrator vulnerable to remove traversal due to Apache Commons IO (CVE-2021-29425) Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities. Potential vulnerability in Apache Commons IO affect IBM Operations Analytics - Log Analysis (CVE-2021-29425) Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway Multiple CVEs affect IBM Integration Designer IBM PowerVM Novalink is vulnerable because Apache Commons IO could allow a remote attacker to traverse directories on the system Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform IBM B2B Advanced Communications is vulnerable to directory traversal due to Apache Commons IO (CVE-2021-29425) Apache Commons IO (Publicly disclosed vulnerability) Affects IBM eDiscovery Manager (CVE-2021-29425) Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-29425] IBM Cognos Command Center is affected by multiple vulnerabilities Multiple vulnerabilities in DITA may affect IBM Business Automation Workflow and IBM Case Manager IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities Oracle Critical Patch Update Advisory - April 2022 https://www.oracle.com/security-alerts/cpuapr2022.html Oracle Critical Patch Update Advisory - January 2022 https://www.oracle.com/security-alerts/cpujan2022.html Oracle Critical Patch Update Advisory - July 2022 N/A Oracle Critical Patch Update Advisory - October 2021 https://www.oracle.com/security-alerts/cpuoct2021.html Vulnerable Configuration: Configuration 1 :cpe:/a:apache:commons_io:2.2:-:*:*:*:*:*:* OR cpe:/a:apache:commons_io:2.3:-:*:*:*:*:*:* OR cpe:/a:apache:commons_io:2.4:-:*:*:*:*:*:* OR cpe:/a:apache:commons_io:2.5:-:*:*:*:*:*:* OR cpe:/a:apache:commons_io:2.6:-:*:*:*:*:*:* Configuration 2 :cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:* Configuration 3 :cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12) OR cpe:/a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* OR cpe:/a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* (Version >= 8.0.7 and <= 8.1.1) OR cpe:/a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:* OR cpe:/a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:*:*:*:*:*:*:*:* (Version >= 16.0.1 and <= 16.0.3) OR cpe:/a:oracle:retail_integration_bus:*:*:*:*:*:*:*:* (Version >= 16.0.1 and <= 16.0.3) OR cpe:/a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_apis:19.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_apis:19.2:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_apis:20.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_apis:21.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:*:*:*:*:*:*:*:* (Version >= 2.3.0 and <= 2.4.1) OR cpe:/a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:* (Version >= 2.3.0 and <= 2.4.0) OR cpe:/a:oracle:banking_apis:18.2:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_apis:18.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_apis:18.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:* (Version >= 8.0.8 and <= 8.1.1) OR cpe:/a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:oss_support_tools:*:*:*:*:*:*:*:* (Version < 2.12.42) OR cpe:/a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.1.0) OR cpe:/a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* (Version >= 8.2.0 and <= 8.2.3) OR cpe:/a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version < 21.1.2) OR cpe:/a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:* OR cpe:/a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:* (Version >= 3.0.1 and <= 3.0.4) OR cpe:/a:oracle:helidon:2.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:helidon:1.4.7:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_design_studio:*:*:*:*:*:*:*:* (Version >= 7.4.0 and <= 7.4.2) OR cpe:/a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:* OR cpe:/a:oracle:rest_data_services:*:*:*:*:-:*:*:* (Version < 21.2) OR cpe:/a:oracle:rest_data_services:21.3:*:*:*:-:*:*:* OR cpe:/a:oracle:retail_pricing:19.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.8.0) Configuration 4 :cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* Configuration CCN 1 :cpe:/a:apache:commons_io:2.2:-:*:*:*:*:*:* OR cpe:/a:apache:commons_io:2.6:-:*:*:*:*:*:* AND cpe:/a:ibm:ediscovery_manager:2.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:* OR cpe:/a:ibm:business_process_manager:8.6:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_identity_insight:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:* OR cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:19.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:1.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:19.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.21:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.21:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:21.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:* OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:case_manager:5.3.3:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:* OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:* OR cpe:/a:ibm:multi-enterprise_integration_gateway:1.0.0.1:*:*:*:*:*:*:* Oval Definitions BACK
apache commons io 2.2 -
apache commons io 2.3 -
apache commons io 2.4 -
apache commons io 2.5 -
apache commons io 2.6 -
debian debian linux 9.0
oracle weblogic server 12.1.3.0.0
oracle retail integration bus 13.0
oracle flexcube core banking 5.2.0
oracle solaris cluster 4.0
oracle access manager 11.1.2.3.0
oracle weblogic server 12.2.1.3.0
oracle webcenter portal 12.2.1.3.0
oracle access manager 12.2.1.3.0
oracle application testing suite 13.3.0.1
oracle retail order broker 16.0
oracle banking platform 2.6.2
oracle primavera unifier 18.8
oracle primavera unifier *
oracle agile plm 9.3.6
oracle banking digital experience 18.3
oracle banking digital experience 19.1
oracle banking digital experience 18.1
oracle weblogic server 12.2.1.4.0
oracle primavera unifier 19.12
oracle webcenter portal 12.2.1.4.0
oracle fusion middleware mapviewer 12.2.1.4.0
oracle weblogic server 14.1.1.0.0
oracle banking digital experience 19.2
oracle banking digital experience 20.1
oracle enterprise session border controller 8.4
oracle banking platform 2.7.0
oracle retail merchandising system 16.0.3
oracle banking platform 2.7.1
oracle primavera unifier 20.12
oracle communications order and service management 7.4
oracle retail order broker 18.0
oracle insurance rules palette 11.0.2
oracle insurance rules palette 11.1.0
oracle communications billing and revenue management elastic charging engine 11.3
oracle communications billing and revenue management elastic charging engine 12.0
oracle communications interactive session recorder 6.3
oracle communications interactive session recorder 6.4
oracle commerce guided search 11.3.2
oracle insurance policy administration 11.3.0
oracle retail service backbone 15.0.3.1
oracle retail service backbone 14.1.3.2
oracle insurance policy administration 11.0.2
oracle communications cloud native core unified data repository 1.4.0
oracle retail order broker 19.1
oracle enterprise session border controller 9.0
oracle healthcare data repository 8.1.0
oracle communications application session controller 3.9.0
oracle communications converged application server - service controller 6.2
oracle banking enterprise default management 2.12.0
oracle banking enterprise default management 2.10.0
oracle real user experience insight 13.4.1.0
oracle real user experience insight 13.5.1.0
oracle communications cloud native core network repository function 1.14.0
oracle banking party management 2.7.0
oracle retail integration bus 14.1.3.2
oracle retail integration bus 15.0.3.1
oracle agile engineering data management 6.2.1.0
oracle retail xstore point of service 17.0.4
oracle retail xstore point of service 18.0.3
oracle retail xstore point of service 19.0.2
oracle retail xstore point of service 20.0.1
oracle retail merchandising system 19.0.1
oracle flexcube core banking 11.10.0
oracle retail assortment planning 16.0.3
oracle communications order and service management 7.3
oracle retail size profile optimization 16.0.3
oracle access manager 12.2.1.4.0
oracle financial services analytical applications infrastructure *
oracle communications pricing design center 12.0.0.4.0
oracle communications convergence 3.0.2.2.0
oracle primavera unifier 21.12
oracle utilities testing accelerator 6.0.0.2.2
oracle utilities testing accelerator 6.0.0.3.1
oracle utilities testing accelerator 6.0.0.1.1
oracle retail service backbone 19.0.0
oracle retail service backbone *
oracle retail integration bus *
oracle communications service broker 6.2
oracle banking digital experience 21.1
oracle banking apis 19.1
oracle banking apis 19.2
oracle banking apis 20.1
oracle banking apis 21.1
oracle communications cloud native core policy 1.14.0
oracle application performance management 13.5.1.0
oracle application performance management 13.4.1.0
oracle banking platform *
oracle banking enterprise default managment *
oracle banking apis 18.2
oracle banking digital experience 17.2
oracle banking apis 18.1
oracle banking apis 18.3
oracle communications design studio 7.3.5
oracle financial services model management and governance *
oracle enterprise communications broker 3.3
oracle communications offline mediation controller 12.0.0.3
oracle oss support tools *
oracle retail service backbone 14.1.3.0
oracle retail service backbone 19.0.1
oracle retail integration bus 14.1.3.0
oracle retail integration bus 19.0.0
oracle retail integration bus 19.0.1
oracle insurance rules palette 11.3.1
oracle insurance policy administration 11.1.0
oracle insurance policy administration 11.3.1
oracle banking enterprise default management 2.7.0
oracle banking enterprise default management 2.7.1
oracle banking enterprise default management 2.6.2
oracle insurance rules palette 11.3.0
oracle communications diameter intelligence hub *
oracle insurance policy administration 11.2.8
oracle communications diameter intelligence hub *
oracle communications pricing design center 12.0.0.5.0
oracle blockchain platform *
oracle insurance rules palette 11.2.8
oracle health sciences information manager *
oracle helidon 2.2.0
oracle helidon 1.4.7
oracle communications policy management 12.5.0.0.0
oracle communications design studio *
oracle communications contacts server 8.0.0.6.0
oracle rest data services *
oracle rest data services 21.3
oracle retail pricing 19.0.1
oracle health sciences data management workbench 2.5.2.1
oracle health sciences data management workbench 3.0.0.0
oracle flexcube core banking *
netapp active iq unified manager -
netapp active iq unified manager -
netapp active iq unified manager -
apache commons io 2.2 -
apache commons io 2.6 -
ibm ediscovery manager 2.2.2
ibm tivoli netcool/omnibus 8.1.0
oracle weblogic server 12.1.3.0.0
oracle retail order broker cloud service 16.0
oracle weblogic server 12.2.1.3.0
oracle agile plm framework 9.3.6
ibm business process manager 8.6
oracle webcenter portal 12.2.1.3.0
ibm infosphere information server 11.7
ibm infosphere identity insight 9.0
ibm business automation workflow 18.0.0.0
ibm qradar security information and event manager 7.3
ibm security guardium 10.5
oracle primavera unifier 17.12
oracle banking platform 2.6.2
ibm business automation workflow 18.0.0.1
oracle primavera unifier 18.8
oracle peoplesoft enterprise peopletools 8.57
ibm business automation workflow 18.0.0.2
ibm sterling b2b integrator 6.0.0.0
ibm security guardium 10.6
ibm cognos command center 10.2.4.1
ibm business automation workflow 19.0.0.1
ibm spectrum scale 1.1.1.0
ibm business automation workflow 19.0.0.2
ibm tivoli netcool/impact 7.1.0.0
ibm watson discovery 2.0.0
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm cloud transformation advisor 2.0.1
ibm business automation workflow 19.0.0.3
ibm mobilefirst platform foundation 8.0.0.0
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm security guardium 11.0
ibm security guardium 11.1
ibm qradar security information and event manager 7.4 -
ibm voice gateway 1.0.5
ibm security guardium 11.2
ibm business automation workflow 20.0.0.1
ibm sterling b2b integrator 6.1.0.0
ibm business automation workflow 20.0.0.2
ibm integration designer 20.0.0.2
ibm voice gateway 1.0.7
ibm watson discovery 2.2.1
ibm security guardium 11.3
ibm tivoli netcool/impact 7.1.0.21
ibm tivoli netcool/impact 7.1.0.0
ibm tivoli netcool/impact 7.1.0.21
ibm business automation workflow 21.0.2
ibm cloud pak for security 1.7.2.0
ibm cognos analytics 11.2.0
ibm cognos analytics 11.1.7
ibm planning analytics 2.0
ibm security guardium 11.4
ibm cognos analytics 11.2.1
ibm sterling b2b integrator 6.1.1.0
ibm business automation workflow 20.0.0.1
ibm business automation workflow 20.0.0.2
ibm business automation workflow 21.0.1
ibm case manager 5.3.3
ibm business automation workflow 22.0.1
ibm business automation workflow 21.0.3.1
ibm business automation workflow 22.0.2
ibm multi-enterprise integration gateway 1.0.0.1
Denotes that component is vulnerable