Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/147751?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/147751?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.8.1", "type": "maven", "namespace": "xerces", "name": "xercesImpl", "version": "2.8.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.2", "latest_non_vulnerable_version": "2.12.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4799?format=api", "vulnerability_id": "VCID-2gpd-vwgb-67cn", "summary": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2625.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2625.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81453", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81432", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81422", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81479", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01562", "scoring_system": "epss", "scoring_elements": "0.81451", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01746", "scoring_system": "epss", "scoring_elements": "0.82536", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01746", "scoring_system": "epss", "scoring_elements": "0.82541", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2625" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625" }, { "reference_url": "http://secunia.com/advisories/36162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36162" }, { "reference_url": "http://secunia.com/advisories/36176", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36176" }, { "reference_url": "http://secunia.com/advisories/36180", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36180" }, { "reference_url": "http://secunia.com/advisories/36199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36199" }, { "reference_url": "http://secunia.com/advisories/37300", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37300" }, { "reference_url": "http://secunia.com/advisories/37460", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37460" }, { "reference_url": "http://secunia.com/advisories/37671", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37671" }, { "reference_url": "http://secunia.com/advisories/37754", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37754" }, { "reference_url": "http://secunia.com/advisories/38231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/38231" }, { "reference_url": "http://secunia.com/advisories/38342", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/38342" }, { "reference_url": "http://secunia.com/advisories/43300", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/43300" }, { "reference_url": "http://secunia.com/advisories/50549", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/50549" }, { "reference_url": "https://github.com/apache/xerces2-j/commit/0bdf77af1d4fd26ec2e630fb6d12e2dfa77bc12b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/xerces2-j/commit/0bdf77af1d4fd26ec2e630fb6d12e2dfa77bc12b" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2625" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-XERCES-32014", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-XERCES-32014" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1" }, { "reference_url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" }, { "reference_url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" }, { "reference_url": "http://www.codenomicon.com/labs/xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.codenomicon.com/labs/xml" }, { "reference_url": "http://www.codenomicon.com/labs/xml/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.codenomicon.com/labs/xml/" }, { "reference_url": "http://www.debian.org/security/2010/dsa-1984", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2010/dsa-1984" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108" }, { "reference_url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/09/06/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/10/22/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/10/23/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/10/26/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/35958", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/35958" }, { "reference_url": "http://www.securitytracker.com/id?1022680", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id?1022680" }, { "reference_url": "http://www.ubuntu.com/usn/USN-890-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-890-1" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2543", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/2543" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3316", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0359", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2011/0359" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548358", "reference_id": "548358", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548358" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2009-2625", "reference_id": "CVE-2009-2625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2009-2625" }, { "reference_url": "https://github.com/advisories/GHSA-334p-wv2m-w3vp", "reference_id": "GHSA-334p-wv2m-w3vp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-334p-wv2m-w3vp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1199", "reference_id": "RHSA-2009:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1200", "reference_id": "RHSA-2009:1200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1201", "reference_id": "RHSA-2009:1201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1236", "reference_id": "RHSA-2009:1236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1505", "reference_id": "RHSA-2009:1505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1551", "reference_id": "RHSA-2009:1551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1582", "reference_id": "RHSA-2009:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1615", "reference_id": "RHSA-2009:1615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1636", "reference_id": "RHSA-2009:1636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1637", "reference_id": "RHSA-2009:1637", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1649", "reference_id": "RHSA-2009:1649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1650", "reference_id": "RHSA-2009:1650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1662", "reference_id": "RHSA-2009:1662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0043", "reference_id": "RHSA-2010:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0858", "reference_id": "RHSA-2011:0858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0725", "reference_id": "RHSA-2012:0725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1232", "reference_id": "RHSA-2012:1232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1537", "reference_id": "RHSA-2012:1537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0763", "reference_id": "RHSA-2013:0763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0763" }, { "reference_url": "https://usn.ubuntu.com/814-1/", "reference_id": "USN-814-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/814-1/" }, { "reference_url": "https://usn.ubuntu.com/890-1/", "reference_id": "USN-890-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/890-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19957?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.10.0" } ], "aliases": [ "CVE-2009-2625", "GHSA-334p-wv2m-w3vp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gpd-vwgb-67cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4827?format=api", "vulnerability_id": "VCID-a6wc-3mp6-63ek", "summary": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0414", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4002.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4002.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90269", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90286", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.9029", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90305", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90312", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.9032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05597", "scoring_system": "epss", "scoring_elements": "0.90319", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4002" }, { "reference_url": "http://secunia.com/advisories/56257", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/56257" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260" }, { "reference_url": "https://github.com/apache/xerces2-j", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/xerces2-j" }, { "reference_url": "https://github.com/apache/xerces2-j/commit/266e837852e0f0e3c8c1ad572b6fc4dbb4ded17", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/xerces2-j/commit/266e837852e0f0e3c8c1ad572b6fc4dbb4ded17" }, { "reference_url": "https://github.com/apache/xerces2-j/commit/628cbc7142ef9acfb61b8e571aab63504235849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/xerces2-j/commit/628cbc7142ef9acfb61b8e571aab63504235849" }, { "reference_url": "https://issues.apache.org/jira/browse/XERCESJ-1679", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1679" }, { "reference_url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002" }, { "reference_url": "http://support.apple.com/kb/HT5982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5982" }, { "reference_url": "http://svn.apache.org/viewvc?view=revision&revision=1499506", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc?view=revision&revision=1499506" }, { "reference_url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" }, { "reference_url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" }, { "reference_url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002" }, { "reference_url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" }, { "reference_url": "http://www.ibm.com/support/docview.wss?uid=swg21648172", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172" }, { "reference_url": "http://www.securityfocus.com/bid/61310", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/61310" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2033-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2033-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2089-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2089-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019176", "reference_id": "1019176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019176" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "reference_id": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2013-4002", "reference_id": "CVE-2013-4002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2013-4002" }, { "reference_url": "https://github.com/advisories/GHSA-7j4h-8wpf-rqfh", "reference_id": "GHSA-7j4h-8wpf-rqfh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j4h-8wpf-rqfh" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1059", "reference_id": "RHSA-2013:1059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1060", "reference_id": "RHSA-2013:1060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1081", "reference_id": "RHSA-2013:1081", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1081" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1440", "reference_id": "RHSA-2013:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1447", "reference_id": "RHSA-2013:1447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1451", "reference_id": "RHSA-2013:1451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1505", "reference_id": "RHSA-2013:1505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1319", "reference_id": "RHSA-2014:1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1818", "reference_id": "RHSA-2014:1818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1821", "reference_id": "RHSA-2014:1821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1822", "reference_id": "RHSA-2014:1822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1823", "reference_id": "RHSA-2014:1823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0234", "reference_id": "RHSA-2015:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0235", "reference_id": "RHSA-2015:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0269", "reference_id": "RHSA-2015:0269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0675", "reference_id": "RHSA-2015:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0720", "reference_id": "RHSA-2015:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0765", "reference_id": "RHSA-2015:0765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0773", "reference_id": "RHSA-2015:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0773" }, { "reference_url": "https://usn.ubuntu.com/2033-1/", "reference_id": "USN-2033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2033-1/" }, { "reference_url": "https://usn.ubuntu.com/2089-1/", "reference_id": "USN-2089-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2089-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20333?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.0" } ], "aliases": [ "CVE-2013-4002", "GHSA-7j4h-8wpf-rqfh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6wc-3mp6-63ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12393?format=api", "vulnerability_id": "VCID-c2s2-wsy6-sufn", "summary": "XML Injection (aka Blind XPath Injection)\nThere's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23437.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2497", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24989", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24901", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25542", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jboss/xerces", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jboss/xerces" }, { "reference_url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221028-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221028-0005/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/24/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/24/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975", "reference_id": "1016975", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", "reference_id": "2047200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "reference_id": "CVE-2022-23437", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" }, { "reference_url": "https://github.com/advisories/GHSA-h65f-jvqw-m9fj", "reference_id": "GHSA-h65f-jvqw-m9fj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h65f-jvqw-m9fj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44037?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.2" } ], "aliases": [ "CVE-2022-23437", "GHSA-h65f-jvqw-m9fj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2s2-wsy6-sufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12913?format=api", "vulnerability_id": "VCID-c3c2-b2bc-6bdh", "summary": "Improper Input Validation\nA flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14338.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14338.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.5989", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59843", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59838", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59902", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59924", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.59908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.5977", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14338" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054" }, { "reference_url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338", "reference_id": "CVE-2020-14338", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338" }, { "reference_url": "https://github.com/advisories/GHSA-w4jq-qh47-hvjq", "reference_id": "GHSA-w4jq-qh47-hvjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w4jq-qh47-hvjq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4244", "reference_id": "RHSA-2020:4244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4245", "reference_id": "RHSA-2020:4245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4246", "reference_id": "RHSA-2020:4246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4247", "reference_id": "RHSA-2020:4247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5361", "reference_id": "RHSA-2020:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0600", "reference_id": "RHSA-2021:0600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0603", "reference_id": "RHSA-2021:0603", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0603" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46267?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.sp3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.sp3" }, { "url": "http://public2.vulnerablecode.io/api/packages/80737?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.0.sp3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.0.sp3" }, { "url": "http://public2.vulnerablecode.io/api/packages/278671?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c2s2-wsy6-sufn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.1" } ], "aliases": [ "CVE-2020-14338", "GHSA-w4jq-qh47-hvjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3c2-b2bc-6bdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33663?format=api", "vulnerability_id": "VCID-nnhm-vcmu-gkd7", "summary": "Denial of service in Apache Xerces2\nApache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0881.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84028", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.8407", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84077", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.8406", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84054", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.83997", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.8403", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0881" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=787104", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881" }, { "reference_url": "https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449" }, { "reference_url": "https://issues.apache.org/jira/browse/XERCESJ-1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1685" }, { "reference_url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0881", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0881" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/07/08/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2014/07/08/11" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/08/11", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-vmqm-g3vh-847m", "reference_id": "GHSA-vmqm-g3vh-847m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmqm-g3vh-847m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20333?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.0" } ], "aliases": [ "CVE-2012-0881", "GHSA-vmqm-g3vh-847m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnhm-vcmu-gkd7" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.8.1" }