CVE-2021-36090

Apache Commons Compress 1.0 to 1.20 denial of service vulnerability

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Al leer un archivo ZIP especialmente diseñado, Compress puede asignar grandes cantidades de memoria que finalmente conllevan a un error de falta de memoria incluso para entradas muy pequeñas. Esto podría ser usado para montar un ataque de denegación de servicio contra los servicios que usan el paquete zip de Compress

A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress' zip package. The highest threat from this vulnerability is to system availability.

*Credits: This issue was discovered by OSS Fuzz.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-07-01 CVE Reserved
2021-07-13 CVE Published
2024-08-04 CVE Updated
2024-08-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (36)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2021/07/13/4	Mailing List
http://www.openwall.com/lists/oss-security/2021/07/13/6	Mailing List
https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9%40%3Cannounce.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456%40%3Cdev.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd%40%3Cissues.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab%40%3Cdev.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949%40%3Ccommits.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53%40%3Cannounce.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7%40%3Cnotifications.james.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d%40%3Cdev.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf%40%3Cdev.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3Ccommits.druid.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6%40%3Cissues.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a%40%3Cissues.drill.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20211022-0001	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com/security-alerts/cpuapr2022.html	2023-11-07
https://www.oracle.com/security-alerts/cpujan2022.html	2023-11-07
https://www.oracle.com/security-alerts/cpujul2022.html	2023-11-07

URL	Date	SRC
https://commons.apache.org/proper/commons-compress/security-reports.html	2023-11-07
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E	2023-11-07
https://access.redhat.com/security/cve/CVE-2021-36090	2022-07-14
https://bugzilla.redhat.com/show_bug.cgi?id=1981909	2022-07-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Commons Compress Search vendor "Apache" for product "Commons Compress"				>= 1.0 < 1.21 Search vendor "Apache" for product "Commons Compress" and version " >= 1.0 < 1.21"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				>= 18.1 <= 18.3 Search vendor "Oracle" for product "Banking Apis" and version " >= 18.1 <= 18.3"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				19.1 Search vendor "Oracle" for product "Banking Apis" and version "19.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				19.2 Search vendor "Oracle" for product "Banking Apis" and version "19.2"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				20.1 Search vendor "Oracle" for product "Banking Apis" and version "20.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				21.1 Search vendor "Oracle" for product "Banking Apis" and version "21.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				>= 18.1 <= 18.3 Search vendor "Oracle" for product "Banking Digital Experience" and version " >= 18.1 <= 18.3"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				19.1 Search vendor "Oracle" for product "Banking Digital Experience" and version "19.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				19.2 Search vendor "Oracle" for product "Banking Digital Experience" and version "19.2"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				20.1 Search vendor "Oracle" for product "Banking Digital Experience" and version "20.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				21.1 Search vendor "Oracle" for product "Banking Digital Experience" and version "21.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Enterprise Default Management Search vendor "Oracle" for product "Banking Enterprise Default Management"				2.7.0 Search vendor "Oracle" for product "Banking Enterprise Default Management" and version "2.7.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Party Management Search vendor "Oracle" for product "Banking Party Management"				2.7.0 Search vendor "Oracle" for product "Banking Party Management" and version "2.7.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Payments Search vendor "Oracle" for product "Banking Payments"				14.5 Search vendor "Oracle" for product "Banking Payments" and version "14.5"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.6.2 Search vendor "Oracle" for product "Banking Platform" and version "2.6.2"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.7.1 Search vendor "Oracle" for product "Banking Platform" and version "2.7.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.9.0 Search vendor "Oracle" for product "Banking Platform" and version "2.9.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Platform Search vendor "Oracle" for product "Banking Platform"				2.12.0 Search vendor "Oracle" for product "Banking Platform" and version "2.12.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Trade Finance Search vendor "Oracle" for product "Banking Trade Finance"				14.5 Search vendor "Oracle" for product "Banking Trade Finance" and version "14.5"		-		Affected
Oracle Search vendor "Oracle"		Banking Treasury Management Search vendor "Oracle" for product "Banking Treasury Management"				14.5 Search vendor "Oracle" for product "Banking Treasury Management" and version "14.5"		-		Affected
Oracle Search vendor "Oracle"		Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite"				12.2.1.3.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Business Process Management Suite Search vendor "Oracle" for product "Business Process Management Suite"				12.2.1.4.0 Search vendor "Oracle" for product "Business Process Management Suite" and version "12.2.1.4.0"		-		Affected
Oracle Search vendor "Oracle"		Commerce Guided Search Search vendor "Oracle" for product "Commerce Guided Search"				11.3.2 Search vendor "Oracle" for product "Commerce Guided Search" and version "11.3.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management"				12.0.0.4 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "12.0.0.4"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Automated Test Suite Search vendor "Oracle" for product "Communications Cloud Native Core Automated Test Suite"				1.8.0 Search vendor "Oracle" for product "Communications Cloud Native Core Automated Test Suite" and version "1.8.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Service Communication Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy"				1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" and version "1.14.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Unified Data Repository Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository"				1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" and version "1.14.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Intelligence Hub Search vendor "Oracle" for product "Communications Diameter Intelligence Hub"				>= 8.0.0 <= 8.2.3 Search vendor "Oracle" for product "Communications Diameter Intelligence Hub" and version " >= 8.0.0 <= 8.2.3"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Intelligence Hub Search vendor "Oracle" for product "Communications Diameter Intelligence Hub"				8.2.3 Search vendor "Oracle" for product "Communications Diameter Intelligence Hub" and version "8.2.3"		-		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				>= 8.2.0 <= 8.2.4.0 Search vendor "Oracle" for product "Communications Element Manager" and version " >= 8.2.0 <= 8.2.4.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Session Report Manager Search vendor "Oracle" for product "Communications Session Report Manager"				>= 8.2.0 <= 8.2.5.0 Search vendor "Oracle" for product "Communications Session Report Manager" and version " >= 8.2.0 <= 8.2.5.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Session Route Manager Search vendor "Oracle" for product "Communications Session Route Manager"				>= 8.0.0 <= 8.2.5.0 Search vendor "Oracle" for product "Communications Session Route Manager" and version " >= 8.0.0 <= 8.2.5.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.4.0 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.4.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.4.1 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.4.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.4.2 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.4.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.5.0 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.5.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"				>= 8.0.6 <= 8.1.1 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version " >= 8.0.6 <= 8.1.1"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Crime And Compliance Management Studio Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio"				8.0.8.2.0 Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio" and version "8.0.8.2.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Crime And Compliance Management Studio Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio"				8.0.8.3.0 Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio" and version "8.0.8.3.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Enterprise Case Management Search vendor "Oracle" for product "Financial Services Enterprise Case Management"				*		-		Affected
Oracle Search vendor "Oracle"		Financial Services Enterprise Case Management Search vendor "Oracle" for product "Financial Services Enterprise Case Management"				8.0.7.2.0 Search vendor "Oracle" for product "Financial Services Enterprise Case Management" and version "8.0.7.2.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Enterprise Case Management Search vendor "Oracle" for product "Financial Services Enterprise Case Management"				8.0.8.1.0 Search vendor "Oracle" for product "Financial Services Enterprise Case Management" and version "8.0.8.1.0"		-		Affected
Oracle Search vendor "Oracle"		Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking"				>= 14.0.0 <= 14.3.0 Search vendor "Oracle" for product "Flexcube Universal Banking" and version " >= 14.0.0 <= 14.3.0"		-		Affected
Oracle Search vendor "Oracle"		Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking"				12.4 Search vendor "Oracle" for product "Flexcube Universal Banking" and version "12.4"		-		Affected
Oracle Search vendor "Oracle"		Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking"				14.5 Search vendor "Oracle" for product "Flexcube Universal Banking" and version "14.5"		-		Affected
Oracle Search vendor "Oracle"		Healthcare Data Repository Search vendor "Oracle" for product "Healthcare Data Repository"				8.1.0 Search vendor "Oracle" for product "Healthcare Data Repository" and version "8.1.0"		-		Affected
Oracle Search vendor "Oracle"		Insurance Policy Administration Search vendor "Oracle" for product "Insurance Policy Administration"				11.0.2 Search vendor "Oracle" for product "Insurance Policy Administration" and version "11.0.2"		-		Affected
Oracle Search vendor "Oracle"		Insurance Policy Administration Search vendor "Oracle" for product "Insurance Policy Administration"				11.1.0 Search vendor "Oracle" for product "Insurance Policy Administration" and version "11.1.0"		-		Affected
Oracle Search vendor "Oracle"		Insurance Policy Administration Search vendor "Oracle" for product "Insurance Policy Administration"				11.2.8 Search vendor "Oracle" for product "Insurance Policy Administration" and version "11.2.8"		-		Affected
Oracle Search vendor "Oracle"		Insurance Policy Administration Search vendor "Oracle" for product "Insurance Policy Administration"				11.3.0 Search vendor "Oracle" for product "Insurance Policy Administration" and version "11.3.0"		-		Affected
Oracle Search vendor "Oracle"		Insurance Policy Administration Search vendor "Oracle" for product "Insurance Policy Administration"				11.3.1 Search vendor "Oracle" for product "Insurance Policy Administration" and version "11.3.1"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.57 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.57"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.59 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.59"		-		Affected
Oracle Search vendor "Oracle"		Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway"				>= 17.12.0 <= 17.12.11 Search vendor "Oracle" for product "Primavera Gateway" and version " >= 17.12.0 <= 17.12.11"		-		Affected
Oracle Search vendor "Oracle"		Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway"				>= 18.8.0 <= 18.8.12 Search vendor "Oracle" for product "Primavera Gateway" and version " >= 18.8.0 <= 18.8.12"		-		Affected
Oracle Search vendor "Oracle"		Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway"				>= 19.12.0 <= 19.12.11 Search vendor "Oracle" for product "Primavera Gateway" and version " >= 19.12.0 <= 19.12.11"		-		Affected
Oracle Search vendor "Oracle"		Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway"				>= 20.12.0 <= 20.12.7 Search vendor "Oracle" for product "Primavera Gateway" and version " >= 20.12.0 <= 20.12.7"		-		Affected
Oracle Search vendor "Oracle"		Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier"				>= 17.7 <= 17.12 Search vendor "Oracle" for product "Primavera Unifier" and version " >= 17.7 <= 17.12"		-		Affected
Oracle Search vendor "Oracle"		Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier"				18.8 Search vendor "Oracle" for product "Primavera Unifier" and version "18.8"		-		Affected
Oracle Search vendor "Oracle"		Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier"				19.12 Search vendor "Oracle" for product "Primavera Unifier" and version "19.12"		-		Affected
Oracle Search vendor "Oracle"		Primavera Unifier Search vendor "Oracle" for product "Primavera Unifier"				20.12 Search vendor "Oracle" for product "Primavera Unifier" and version "20.12"		-		Affected
Oracle Search vendor "Oracle"		Utilities Testing Accelerator Search vendor "Oracle" for product "Utilities Testing Accelerator"				6.0.0.1.1 Search vendor "Oracle" for product "Utilities Testing Accelerator" and version "6.0.0.1.1"		-		Affected
Oracle Search vendor "Oracle"		Utilities Testing Accelerator Search vendor "Oracle" for product "Utilities Testing Accelerator"				6.0.0.2.2 Search vendor "Oracle" for product "Utilities Testing Accelerator" and version "6.0.0.2.2"		-		Affected
Oracle Search vendor "Oracle"		Utilities Testing Accelerator Search vendor "Oracle" for product "Utilities Testing Accelerator"				6.0.0.3.1 Search vendor "Oracle" for product "Utilities Testing Accelerator" and version "6.0.0.3.1"		-		Affected
Oracle Search vendor "Oracle"		Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal"				12.2.1.3.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Webcenter Portal Search vendor "Oracle" for product "Webcenter Portal"				12.2.1.4.0 Search vendor "Oracle" for product "Webcenter Portal" and version "12.2.1.4.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Messaging Server Search vendor "Oracle" for product "Communications Messaging Server"				8.1 Search vendor "Oracle" for product "Communications Messaging Server" and version "8.1"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		linux		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		windows		Affected
Netapp Search vendor "Netapp"		Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight"				-		-		Affected