Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mqnn-spsw-8fg5

Summary Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

Aliases

alias	CVE-2018-11040

alias	GHSA-f26x-pr96-vw86

Fixed_packages

url	pkg:deb/debian/libspring-java@4.3.19-1?distro=trixie
purl	pkg:deb/debian/libspring-java@4.3.19-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.19-1%3Fdistro=trixie

url pkg:deb/debian/libspring-java@4.3.22-4

purl pkg:deb/debian/libspring-java@4.3.22-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.22-4

url	pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
purl	pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie

url	pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
purl	pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie

url	pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
purl	pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie

url	pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
purl	pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie

url pkg:maven/org.springframework/spring-core@4.3.18.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.18.RELEASE

url pkg:maven/org.springframework/spring-core@5.0.7.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-f3g5-hamr-6yar

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.7.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.18.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.18.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.7.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.7.RELEASE

Affected_packages

url pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3

purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-4sj2-j914-9yfb

vulnerability	VCID-53gt-nbgk-hyc2

vulnerability	VCID-9v66-xp9z-8kea

vulnerability	VCID-ajex-5x84-8ygb

vulnerability	VCID-asmf-3c71-gqcb

vulnerability	VCID-bpme-zq57-4uh7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-e7xv-sdvz-g7e4

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-eer8-apxc-2ue6

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-mvx7-2y3s-fbbb

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-qpxj-fzta-v7bs

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-vkf8-5z5m-wqc7

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%252Bdeb7u3

url pkg:deb/debian/libspring-java@3.0.6.RELEASE-17

purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-4sj2-j914-9yfb

vulnerability	VCID-53gt-nbgk-hyc2

vulnerability	VCID-9v66-xp9z-8kea

vulnerability	VCID-bpme-zq57-4uh7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-qpxj-fzta-v7bs

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-17

url pkg:deb/debian/libspring-java@4.3.5-1

purl pkg:deb/debian/libspring-java@4.3.5-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sj2-j914-9yfb

vulnerability	VCID-bpme-zq57-4uh7

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-qpxj-fzta-v7bs

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.5-1

url pkg:maven/org.springframework/spring-core@4.3.0.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-qpxj-fzta-v7bs

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE

url pkg:maven/org.springframework/spring-core@5.0.0.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-f3g5-hamr-6yar

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-qpxj-fzta-v7bs

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.0.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.0.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.0.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.1.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.1.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.2.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.2.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.3.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.3.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.4.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.4.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.5.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.5.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.6.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.6.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.7.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.7.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.8.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.8.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.9.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.9.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.10.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.10.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.11.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.11.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.12.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.12.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.12.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.13.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.13.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.13.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.14.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.14.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.14.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.15.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.15.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.15.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.16.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.16.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.16.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.17.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.17.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.17.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.0.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.0.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.1.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.1.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.2.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.2.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.3.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.3.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.4.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.4.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.5.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.5.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.6.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-tu1q-zbk1-hbdm

vulnerability	VCID-u7kk-c6fm-judy

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.6.RELEASE

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11040.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11040.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11040

reference_id

reference_type

scores

value	0.07316
scoring_system	epss
scoring_elements	0.91749
published_at	2026-05-14T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91743
published_at	2026-05-12T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91734
published_at	2026-05-11T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91736
published_at	2026-05-09T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91727
published_at	2026-05-07T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91714
published_at	2026-05-05T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91702
published_at	2026-04-29T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91704
published_at	2026-04-26T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91707
published_at	2026-04-24T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91701
published_at	2026-04-21T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91708
published_at	2026-04-16T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91657
published_at	2026-04-04T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91687
published_at	2026-04-13T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91691
published_at	2026-04-12T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91689
published_at	2026-04-11T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91685
published_at	2026-04-09T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91679
published_at	2026-04-08T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91666
published_at	2026-04-07T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91644
published_at	2026-04-01T12:55:00Z

value	0.07316
scoring_system	epss
scoring_elements	0.91651
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11040
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11040

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url	https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93

reference_url

https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a

reference_url	https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e2
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e2

reference_url

https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e26

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e26

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591931
reference_id	1591931
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591931

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:::::::*
reference_id	cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:::::::*
reference_id	cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:::::::*
reference_id	cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*
reference_id	cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*
reference_id	cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
reference_id	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
reference_id	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_integrity::::::::
reference_id	cpe:2.3:a:oracle:communications_network_integrity::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_integrity::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_services_gatekeeper::::::::
reference_id	cpe:2.3:a:oracle:communications_services_gatekeeper::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_services_gatekeeper::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:::::::*
reference_id	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:::::::*
reference_id	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*
reference_id	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:::::::*
reference_id	cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:::::::*
reference_id	cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager:13.2:::::mysql::
reference_id	cpe:2.3:a:oracle:enterprise_manager:13.2:::::mysql::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager:13.2:::::mysql::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:::::::*
reference_id	cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:::::::*
reference_id	cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:::::::*
reference_id	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:::::::*
reference_id	cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:::::::*
reference_id	cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:3.0:::::::*
reference_id	cpe:2.3:a:oracle:healthcare_master_person_index:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:4.0:::::::*
reference_id	cpe:2.3:a:oracle:healthcare_master_person_index:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
reference_id	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
reference_id	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_calculation_engine::::::::
reference_id	cpe:2.3:a:oracle:insurance_calculation_engine::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_calculation_engine::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.0:::::::*
reference_id	cpe:2.3:a:oracle:insurance_rules_palette:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.2:::::::*
reference_id	cpe:2.3:a:oracle:insurance_rules_palette:10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:micros_lucas:2.9.5:::::::*
reference_id	cpe:2.3:a:oracle:micros_lucas:2.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:micros_lucas:2.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
reference_id	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:::::::*
reference_id	cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:::::::*
reference_id	cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:::::::*
reference_id	cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:::::::*
reference_id	cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:::::::*
reference_id	cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:::::::*
reference_id	cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:16.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_predictive_application_server:16.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:16.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_service_backbone:16.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:::::::*
reference_id	cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
reference_id	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework::::::::
reference_id	cpe:2.3:a:vmware:spring_framework::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11040

reference_id

CVE-2018-11040

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11040

reference_url

https://pivotal.io/security/cve-2018-11040

reference_id

CVE-2018-11040

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-11040

reference_url

https://github.com/advisories/GHSA-f26x-pr96-vw86

reference_id

GHSA-f26x-pr96-vw86

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-f26x-pr96-vw86

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	829
name	Inclusion of Functionality from Untrusted Control Sphere
description	The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Exploits

Severity_range_score 3.7 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqnn-spsw-8fg5

Vulnerability Instance