Search for vulnerabilities
Vulnerability details: VCID-1psf-36k5-aaaa
Vulnerability ID VCID-1psf-36k5-aaaa
Aliases CVE-2014-0107
GHSA-rc2w-r4jq-7pfx
Summary The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-264 Permissions, Privileges, and Access Controls
CWE-285 Improper Authorization
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-358 Improperly Implemented Security Check for Standard
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0107.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-0348.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2014-1351.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1351.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-1888.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1888.html
rhas Important https://access.redhat.com/errata/RHSA-2014:0348
rhas Important https://access.redhat.com/errata/RHSA-2014:0453
rhas Important https://access.redhat.com/errata/RHSA-2014:0454
rhas Important https://access.redhat.com/errata/RHSA-2014:0590
rhas Important https://access.redhat.com/errata/RHSA-2014:0591
rhas Important https://access.redhat.com/errata/RHSA-2014:0818
rhas Important https://access.redhat.com/errata/RHSA-2014:0819
rhas Important https://access.redhat.com/errata/RHSA-2014:1007
rhas Important https://access.redhat.com/errata/RHSA-2014:1059
rhas Important https://access.redhat.com/errata/RHSA-2014:1290
rhas Important https://access.redhat.com/errata/RHSA-2014:1291
rhas Important https://access.redhat.com/errata/RHSA-2014:1351
rhas Important https://access.redhat.com/errata/RHSA-2014:1369
rhas Important https://access.redhat.com/errata/RHSA-2014:1995
rhas Important https://access.redhat.com/errata/RHSA-2015:1888
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.01939 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.01939 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.01939 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.01939 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.05673 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
epss 0.12461 https://api.first.org/data/v1/epss?cve=CVE-2014-0107
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1080248
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/92023
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rc2w-r4jq-7pfx
generic_textual HIGH https://github.com/apache/xalan-java
cvssv3.1 6.3 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
generic_textual HIGH https://issues.apache.org/jira/browse/XALANJ-2435
cvssv3.1 6.1 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2014-0107
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2014-0107
generic_textual HIGH https://security.gentoo.org/glsa/201604-02
generic_textual Medium https://ubuntu.com/security/notices/USN-2218-1
generic_textual HIGH http://svn.apache.org/viewvc?view=revision&revision=1581058
cvssv3.1 5.3 https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual HIGH https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual MODERATE https://www.oracle.com//security-alerts/cpujul2021.html
cvssv3.1 8.2 https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpuoct2021.html
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual HIGH https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual LOW https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual HIGH https://www.tenable.com/security/tns-2018-15
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21674334
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21676093
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21677145
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21680703
generic_textual HIGH http://www-01.ibm.com/support/docview.wss?uid=swg21681933
generic_textual HIGH http://www.debian.org/security/2014/dsa-2886
generic_textual HIGH http://www.ibm.com/support/docview.wss?uid=swg21677967
generic_textual HIGH http://www.ocert.org/advisories/ocert-2014-002.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0107.html
http://rhn.redhat.com/errata/RHSA-2014-0348.html
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://rhn.redhat.com/errata/RHSA-2015-1888.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0107.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107
http://secunia.com/advisories/57563
http://secunia.com/advisories/59036
http://secunia.com/advisories/59151
http://secunia.com/advisories/59247
http://secunia.com/advisories/59290
http://secunia.com/advisories/59291
http://secunia.com/advisories/59369
http://secunia.com/advisories/59515
http://secunia.com/advisories/59711
http://secunia.com/advisories/60502
https://exchange.xforce.ibmcloud.com/vulnerabilities/92023
https://github.com/apache/xalan-java
https://github.com/apache/xalan-j/commit/cbfd906cc5a1f1566fa1a98400c82e56077fae0c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
https://issues.apache.org/jira/browse/XALANJ-2435
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca%40%3Cdev.tomcat.apache.org%3E
https://security.gentoo.org/glsa/201604-02
https://ubuntu.com/security/notices/USN-2218-1
http://svn.apache.org/viewvc?view=revision&revision=1581058
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.tenable.com/security/tns-2018-15
http://www-01.ibm.com/support/docview.wss?uid=swg21674334
http://www-01.ibm.com/support/docview.wss?uid=swg21676093
http://www-01.ibm.com/support/docview.wss?uid=swg21677145
http://www-01.ibm.com/support/docview.wss?uid=swg21680703
http://www-01.ibm.com/support/docview.wss?uid=swg21681933
http://www.debian.org/security/2014/dsa-2886
http://www.ibm.com/support/docview.wss?uid=swg21677967
http://www.ocert.org/advisories/ocert-2014-002.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.securityfocus.com/bid/66397
http://www.securitytracker.com/id/1034711
http://www.securitytracker.com/id/1034716
1080248 https://bugzilla.redhat.com/show_bug.cgi?id=1080248
742577 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742577
cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:xalan-java:2.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:7.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_sites:7.6.2:*:*:*:*:*:*:*
CVE-2014-0107 https://nvd.nist.gov/vuln/detail/CVE-2014-0107
GHSA-rc2w-r4jq-7pfx https://github.com/advisories/GHSA-rc2w-r4jq-7pfx
RHSA-2014:0348 https://access.redhat.com/errata/RHSA-2014:0348
RHSA-2014:0453 https://access.redhat.com/errata/RHSA-2014:0453
RHSA-2014:0454 https://access.redhat.com/errata/RHSA-2014:0454
RHSA-2014:0590 https://access.redhat.com/errata/RHSA-2014:0590
RHSA-2014:0591 https://access.redhat.com/errata/RHSA-2014:0591
RHSA-2014:0818 https://access.redhat.com/errata/RHSA-2014:0818
RHSA-2014:0819 https://access.redhat.com/errata/RHSA-2014:0819
RHSA-2014:1007 https://access.redhat.com/errata/RHSA-2014:1007
RHSA-2014:1059 https://access.redhat.com/errata/RHSA-2014:1059
RHSA-2014:1290 https://access.redhat.com/errata/RHSA-2014:1290
RHSA-2014:1291 https://access.redhat.com/errata/RHSA-2014:1291
RHSA-2014:1351 https://access.redhat.com/errata/RHSA-2014:1351
RHSA-2014:1369 https://access.redhat.com/errata/RHSA-2014:1369
RHSA-2014:1995 https://access.redhat.com/errata/RHSA-2014:1995
RHSA-2015:1888 https://access.redhat.com/errata/RHSA-2015:1888
USN-2218-1 https://usn.ubuntu.com/2218-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-0107
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77832
EPSS Score 0.00544
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.