CVE-2020-36183

📊 8.1 HIGH⚡ 2.1%🎯 1 exploits

📅 Published Jan 7, 2021

📋 Status: Modified

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

75 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fasterxml	jackson-databind	≥ 2.0.0. ∧ < 2.6.7.5	Vulnerable	cpe:2.3:a:fasterxml:jackson-databind::::::::
📱App	fasterxml	jackson-databind	≥ 2.7.0 ∧ < 2.9.10.8	Vulnerable	cpe:2.3:a:fasterxml:jackson-databind::::::::
📱App	netapp	cloud backup	All versions	Vulnerable	cpe:2.3:a:netapp:cloud_backup:-:::::::*
📱App	netapp	service level manager	All versions	Vulnerable	cpe:2.3:a:netapp:service_level_manager:-:::::::*
💻OS	debian	debian linux	9.0	Vulnerable	cpe:2.3:o:debian:debian_linux:9.0:::::::*
📱App	oracle	agile plm	9.3.6	Vulnerable	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
📱App	oracle	application testing suite	13.3.0.1	Vulnerable	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
📱App	oracle	autovue for agile product lifecycle management	21.0.2	Vulnerable	cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*
📱App	oracle	banking corporate lending process management	14.2	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:::::::*
📱App	oracle	banking corporate lending process management	14.3	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:::::::*
📱App	oracle	banking corporate lending process management	14.5	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:::::::*
📱App	oracle	banking credit facilities process management	14.2	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:::::::*
📱App	oracle	banking credit facilities process management	14.3	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:::::::*
📱App	oracle	banking credit facilities process management	14.5	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:::::::*
📱App	oracle	banking extensibility workbench	14.2	Vulnerable	cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:::::::*
📱App	oracle	banking extensibility workbench	14.3	Vulnerable	cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:::::::*
📱App	oracle	banking extensibility workbench	14.5	Vulnerable	cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:::::::*
📱App	oracle	banking supply chain finance	14.2	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:::::::*
📱App	oracle	banking supply chain finance	14.3	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:::::::*
📱App	oracle	banking supply chain finance	14.5	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:::::::*
📱App	oracle	banking treasury management	4.4	Vulnerable	cpe:2.3:a:oracle:banking_treasury_management:4.4:::::::*
📱App	oracle	banking virtual account management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:::::::*
📱App	oracle	banking virtual account management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:::::::*
📱App	oracle	banking virtual account management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:::::::*
📱App	oracle	blockchain platform	≤ 21.1.2	Vulnerable	cpe:2.3:a:oracle:blockchain_platform::::::::
📱App	oracle	commerce platform	≥ 11.3.0 ∧ ≤ 11.3.2	Vulnerable	cpe:2.3:a:oracle:commerce_platform::::::::
📱App	oracle	commerce platform	11.2.0	Vulnerable	cpe:2.3:a:oracle:commerce_platform:11.2.0:::::::*
📱App	oracle	communications billing and revenue management	7.5.0.23.0	Vulnerable	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
📱App	oracle	communications billing and revenue management	12.0.0.3.0	Vulnerable	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
📱App	oracle	communications cloud native core policy	1.14.0	Vulnerable	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*
📱App	oracle	communications cloud native core unified data repository	1.4.0	Vulnerable	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:::::::*
📱App	oracle	communications convergent charging controller	12.0.4.0.0	Vulnerable	cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:::::::*
📱App	oracle	communications diameter signaling route	≥ 8.0.0.0 ∧ ≤ 8.5.0.0	Vulnerable	cpe:2.3:a:oracle:communications_diameter_signaling_route::::::::
📱App	oracle	communications element manager	≥ 8.2.0.0 ∧ ≤ 8.2.4.0	Vulnerable	cpe:2.3:a:oracle:communications_element_manager::::::::
📱App	oracle	communications evolved communications application server	7.1	Vulnerable	cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*
📱App	oracle	communications instant messaging server	10.0.1.5.0	Vulnerable	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*
📱App	oracle	communications network charging and control	12.0.4.0.0	Vulnerable	cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:::::::*
📱App	oracle	communications offline mediation controller	12.0.0.3	Vulnerable	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:::::::*
📱App	oracle	communications policy management	12.5.0	Vulnerable	cpe:2.3:a:oracle:communications_policy_management:12.5.0:::::::*
📱App	oracle	communications pricing design center	12.0.0.4.0	Vulnerable	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:::::::*
📱App	oracle	communications services gatekeeper	7.0	Vulnerable	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
📱App	oracle	communications session report manager	≥ 8.0.0.0 ∧ ≤ 8.2.2.1	Vulnerable	cpe:2.3:a:oracle:communications_session_report_manager::::::::
📱App	oracle	communications session route manager	≥ 8.2.0.0 ∧ ≤ 8.2.2.1	Vulnerable	cpe:2.3:a:oracle:communications_session_route_manager::::::::
📱App	oracle	communications unified inventory management	7.4.1	Vulnerable	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
📱App	oracle	data integrator	12.2.1.4.0	Vulnerable	cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*
📱App	oracle	documaker	12.6.0	Vulnerable	cpe:2.3:a:oracle:documaker:12.6.0:::::::*
📱App	oracle	documaker	12.6.3	Vulnerable	cpe:2.3:a:oracle:documaker:12.6.3:::::::*
📱App	oracle	documaker	12.6.4	Vulnerable	cpe:2.3:a:oracle:documaker:12.6.4:::::::*
📱App	oracle	goldengate application adapters	19.1.0.0.0	Vulnerable	cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:::::::*
📱App	oracle	insurance policy administration	≥ 11.1.0 ∧ ≤ 11.3.0	Vulnerable	cpe:2.3:a:oracle:insurance_policy_administration::::::::
📱App	oracle	insurance policy administration	11.0.2	Vulnerable	cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:::::::*
📱App	oracle	insurance rules palette	≥ 11.1.0 ∧ ≤ 11.3.0	Vulnerable	cpe:2.3:a:oracle:insurance_rules_palette::::::::
📱App	oracle	insurance rules palette	11.0.2	Vulnerable	cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:::::::*
📱App	oracle	jd edwards enterpriseone orchestrator	< 9.2.5.3	Vulnerable	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::
📱App	oracle	jd edwards enterpriseone tools	< 9.2.5.3	Vulnerable	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
📱App	oracle	primavera gateway	≥ 17.12.0 ∧ ≤ 17.12.11	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera gateway	≥ 18.8.0 ∧ ≤ 18.8.11	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera gateway	≥ 19.12.0 ∧ ≤ 19.12.10	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera gateway	20.12.0	Vulnerable	cpe:2.3:a:oracle:primavera_gateway:20.12.0:::::::*
📱App	oracle	primavera unifier	≥ 17.7 ∧ ≤ 17.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier::::::::
📱App	oracle	primavera unifier	17.2	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:17.2:::::::*
📱App	oracle	primavera unifier	18.8	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
📱App	oracle	primavera unifier	19.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
📱App	oracle	primavera unifier	20.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
📱App	oracle	retail customer management and segmentation foundation	≥ 16.0 ∧ ≤ 19.0	Vulnerable	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation::::::::
📱App	oracle	retail merchandising system	15.0.3	Vulnerable	cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:::::::*
📱App	oracle	retail service backbone	14.1.3.2	Vulnerable	cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:::::::*
📱App	oracle	retail service backbone	15.0.3.1	Vulnerable	cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:::::::*
📱App	oracle	retail service backbone	16.0.3.0	Vulnerable	cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:::::::*
📱App	oracle	retail xstore point of service	16.0.6	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*
📱App	oracle	retail xstore point of service	17.0.4	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*
📱App	oracle	retail xstore point of service	18.0.3	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*
📱App	oracle	retail xstore point of service	19.0.2	Vulnerable	cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*
📱App	oracle	webcenter portal	12.2.1.3.0	Vulnerable	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
📱App	oracle	webcenter portal	12.2.1.4.0	Vulnerable	cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*

📱

fasterxml / jackson-databind

Application

Vulnerable

Version: ≥ 2.0.0. ∧ < 2.6.7.5

CPE:

cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

📱

fasterxml / jackson-databind

Application

Vulnerable

Version: ≥ 2.7.0 ∧ < 2.9.10.8

CPE:

cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

📱

netapp / cloud backup

Application

Vulnerable

Version: All versions

CPE:

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

📱

netapp / service level manager

Application

Vulnerable

Version: All versions

CPE:

cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*

💻

debian / debian linux

Operating System

Vulnerable

Version: 9.0

CPE:

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

📱

oracle / agile plm

Application

Vulnerable

Version: 9.3.6

CPE:

cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*

📱

oracle / application testing suite

Application

Vulnerable

Version: 13.3.0.1

CPE:

cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*

📱

oracle / autovue for agile product lifecycle management

Application

Vulnerable

Version: 21.0.2

CPE:

cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.2

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.3

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.2

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.3

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*

📱

oracle / banking extensibility workbench

Application

Vulnerable

Version: 14.2

CPE:

cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*

📱

oracle / banking extensibility workbench

Application

Vulnerable

Version: 14.3

CPE:

cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*

📱

oracle / banking extensibility workbench

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.2

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.3

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.5

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*

📱

oracle / banking treasury management

Application

Vulnerable

Version: 4.4

CPE:

cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*

📱

oracle / banking virtual account management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking virtual account management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking virtual account management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / blockchain platform

Application

Vulnerable

Version: ≤ 21.1.2

CPE:

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*

📱

oracle / commerce platform

Application

Vulnerable

Version: ≥ 11.3.0 ∧ ≤ 11.3.2

CPE:

cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*

📱

oracle / commerce platform

Application

Vulnerable

Version: 11.2.0

CPE:

cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*

📱

oracle / communications billing and revenue management

Application

Vulnerable

Version: 7.5.0.23.0

CPE:

cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*

📱

oracle / communications billing and revenue management

Application

Vulnerable

Version: 12.0.0.3.0

CPE:

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

📱

oracle / communications cloud native core policy

Application

Vulnerable

Version: 1.14.0

CPE:

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

📱

oracle / communications cloud native core unified data repository

Application

Vulnerable

Version: 1.4.0

CPE:

cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*

📱

oracle / communications convergent charging controller

Application

Vulnerable

Version: 12.0.4.0.0

CPE:

cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*

📱

oracle / communications diameter signaling route

Application

Vulnerable

Version: ≥ 8.0.0.0 ∧ ≤ 8.5.0.0

CPE:

cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*

📱

oracle / communications element manager

Application

Vulnerable

Version: ≥ 8.2.0.0 ∧ ≤ 8.2.4.0

CPE:

cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*

📱

oracle / communications evolved communications application server

Application

Vulnerable

Version: 7.1

CPE:

cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*

📱

oracle / communications instant messaging server

Application

Vulnerable

Version: 10.0.1.5.0

CPE:

cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*

📱

oracle / communications network charging and control

Application

Vulnerable

Version: 12.0.4.0.0

CPE:

cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*

📱

oracle / communications offline mediation controller

Application

Vulnerable

Version: 12.0.0.3

CPE:

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*

📱

oracle / communications policy management

Application

Vulnerable

Version: 12.5.0

CPE:

cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*

📱

oracle / communications pricing design center

Application

Vulnerable

Version: 12.0.0.4.0

CPE:

cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*

📱

oracle / communications services gatekeeper

Application

Vulnerable

Version: 7.0

CPE:

cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*

📱

oracle / communications session report manager

Application

Vulnerable

Version: ≥ 8.0.0.0 ∧ ≤ 8.2.2.1

CPE:

cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*

📱

oracle / communications session route manager

Application

Vulnerable

Version: ≥ 8.2.0.0 ∧ ≤ 8.2.2.1

CPE:

cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*

📱

oracle / communications unified inventory management

Application

Vulnerable

Version: 7.4.1

CPE:

cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*

📱

oracle / data integrator

Application

Vulnerable

Version: 12.2.1.4.0

CPE:

cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*

📱

oracle / documaker

Application

Vulnerable

Version: 12.6.0

CPE:

cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*

📱

oracle / documaker

Application

Vulnerable

Version: 12.6.3

CPE:

cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*

📱

oracle / documaker

Application

Vulnerable

Version: 12.6.4

CPE:

cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*

📱

oracle / goldengate application adapters

Application

Vulnerable

Version: 19.1.0.0.0

CPE:

cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*

📱

oracle / insurance policy administration

Application

Vulnerable

Version: ≥ 11.1.0 ∧ ≤ 11.3.0

CPE:

cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*

📱

oracle / insurance policy administration

Application

Vulnerable

Version: 11.0.2

CPE:

cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*

📱

oracle / insurance rules palette

Application

Vulnerable

Version: ≥ 11.1.0 ∧ ≤ 11.3.0

CPE:

cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*

📱

oracle / insurance rules palette

Application

Vulnerable

Version: 11.0.2

CPE:

cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*

📱

oracle / jd edwards enterpriseone orchestrator

Application

Vulnerable

Version: < 9.2.5.3

CPE:

cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*

📱

oracle / jd edwards enterpriseone tools

Application

Vulnerable

Version: < 9.2.5.3

CPE:

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 17.12.0 ∧ ≤ 17.12.11

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 18.8.0 ∧ ≤ 18.8.11

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 19.12.0 ∧ ≤ 19.12.10

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: 20.12.0

CPE:

cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: ≥ 17.7 ∧ ≤ 17.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 17.2

CPE:

cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 18.8

CPE:

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 19.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 20.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*

📱

oracle / retail customer management and segmentation foundation

Application

Vulnerable

Version: ≥ 16.0 ∧ ≤ 19.0

CPE:

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*

📱

oracle / retail merchandising system

Application

Vulnerable

Version: 15.0.3

CPE:

cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*

📱

oracle / retail service backbone

Application

Vulnerable

Version: 14.1.3.2

CPE:

cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*

📱

oracle / retail service backbone

Application

Vulnerable

Version: 15.0.3.1

CPE:

cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*

📱

oracle / retail service backbone

Application

Vulnerable

Version: 16.0.3.0

CPE:

cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 16.0.6

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 17.0.4

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 18.0.3

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*

📱

oracle / retail xstore point of service

Application

Vulnerable

Version: 19.0.2

CPE:

cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*

📱

oracle / webcenter portal

Application

Vulnerable

Version: 12.2.1.3.0

CPE:

cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

📱

oracle / webcenter portal

Application

Vulnerable

Version: 12.2.1.4.0

CPE:

cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*

75 products•scroll for more

Metrics

8.1 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

HIGH

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

8.1 (HIGH)v3.1

Source: [email protected]

EPSS Details

2.1% (Minimal)83.4th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Jan 7, 2021 (4 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses1

CWE-502

Available exploits (1)

🔐 Sign-in Required

Sign in to view exploits and proof-of-concept code.

Sign In Create Account

References10

NVDpatchpatch+7