CVE-2021-21350 Vulnerability Analysis & Exploit Details

CVE-2021-21350 Vulnerability Summary

CVE-2021-21350: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 11.004% (probability of exploit)

EPSS Percentile: 95.25% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 4.75% of others.

CVE-2021-21350 References

External References

• http://x-stream.github.io/changes.html#1.4.16
• https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
• https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E
• https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
• https://security.netapp.com/advisory/ntap-20210430-0002/
• https://www.debian.org/security/2021/dsa-5004
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://x-stream.github.io/CVE-2021-21350.html
• https://x-stream.github.io/security.html#workaround
• http://x-stream.github.io/changes.html#1.4.16
• https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
• https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3Cusers.activemq.apache.org%3E
• https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0%40%3Cdev.jmeter.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
• https://security.netapp.com/advisory/ntap-20210430-0002/
• https://www.debian.org/security/2021/dsa-5004
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://x-stream.github.io/CVE-2021-21350.html
• https://x-stream.github.io/security.html#workaround

CWE Common Weakness Enumeration

NVD-CWE-noinfo

Vulnerable Configurations

• cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.11.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.11.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.12.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.12.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.13.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.13.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.13.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.13.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.13.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.13.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.13.4:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.13.4:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.13.5:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.13.5:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.14.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.14.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.14.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.14.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.14.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.14.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.14.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.14.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.14.4:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.14.4:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.14.5:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.14.5:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.4:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.4:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.5:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.5:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.6:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.6:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.7:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.7:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.8:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.8:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.10:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.10:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.11:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.11:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.15.13:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.15.13:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:activemq:5.16.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.7.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.7.1a:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.7.1a:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.7.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.8:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.8:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.8.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.8.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.9:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.9:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:1.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:1.9.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.3:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.3:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.3:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.3:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.3:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.3:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.4:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.4:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.4:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.4:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.4:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.4:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.3.4:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.3.4:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.4:*:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.4:*:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5.1:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5.1:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5.1:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5.1:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5.1:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5.1:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5.1:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5.1:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.5:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.5:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.6:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.6:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.6:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.6:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.6:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.6:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.7:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.7:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.7:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.7:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.7:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.7:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.7:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.7:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.8:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.8:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.8:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.8:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.8:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.8:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.9:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.9:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.9:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.9:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.9:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.9:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.9:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.9:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.10:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.10:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.10:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.10:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.10:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.10:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.11:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.11:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.11:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.11:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.11:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.11:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.12:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.12:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.12:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.12:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.12:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.12:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.13:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.13:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.13:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.13:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:2.13:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:2.13:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.0:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.0:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.0:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.0:rc4:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.0:rc4:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.0:rc5:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.0:rc5:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.1:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.1:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.1:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.1:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.1:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.1:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.1:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.1:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.1:rc4:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.1:rc4:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.2:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.2:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.2:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.2:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.2:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.2:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.2:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.2:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.3:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.3:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:3.3:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:3.3:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc3:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc4:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc4:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc5:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc5:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc6:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc6:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:4.0:rc7:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:4.0:rc7:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:5.0:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:5.0:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:5.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:5.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:5.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:5.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:5.1:-:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:5.1:-:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:5.1:rc1:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:5.1:rc1:*:*:*:*:*:*
• cpe:2.3:a:apache:jmeter:5.1:rc2:*:*:*:*:*:*
  cpe:2.3:a:apache:jmeter:5.1:rc2:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:-:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:-:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:0.2:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:0.2:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:0.3:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:0.3:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:0.4:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:0.4:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:0.5:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:0.5:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:0.6:-:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:0.6:-:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:0.6:rc1:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:0.6:rc1:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.1.2:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.1.3:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.2:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.2:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.3:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.3:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.4:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.6:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.7:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.8:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.9:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.10:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.11:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.11.1:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.11.1:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.12:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.12:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.13:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.13:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.14:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.14:*:*:*:*:*:*:*
• cpe:2.3:a:xstream:xstream:1.4.15:*:*:*:*:*:*:*
  cpe:2.3:a:xstream:xstream:1.4.15:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-5497 – A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the...
• CVE-2025-5495 – A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL...
• CVE-2025-4517 – Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability ...
• CVE-2025-4435 – When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extr...
• CVE-2025-4330 – Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file ...