VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-za5x-fm45-aaak

Essentials
Severities (121)
References (36)
Severity details (26)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-za5x-fm45-aaak
Aliases	CVE-2019-12400 GHSA-4q98-wr72-h35w
Summary	Improper input validation in Apache Santuario XML Security for Java
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2020:0804
rhas	Important	https://access.redhat.com/errata/RHSA-2020:0805
rhas	Important	https://access.redhat.com/errata/RHSA-2020:0806
rhas	Important	https://access.redhat.com/errata/RHSA-2020:0811
rhas	Important	https://access.redhat.com/errata/RHSA-2020:0951
rhas	Important	https://access.redhat.com/errata/RHSA-2020:2067
rhas	Important	https://access.redhat.com/errata/RHSA-2020:3192
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12400.json
cvssv3.1	5.5	http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2
generic_textual	MODERATE	http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00200	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00255	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00317	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
epss	0.00372	https://api.first.org/data/v1/epss?cve=CVE-2019-12400
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1764658
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-4q98-wr72-h35w
cvssv3.1	5.5	https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c@%3Cdev.santuario.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c@%3Cdev.santuario.apache.org%3E
cvssv3.1	5.5	https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E
cvssv3.1	5.5	https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626@%3Ccommits.tomee.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626@%3Ccommits.tomee.apache.org%3E
cvssv3.1	5.5	https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
cvssv3.1	5.5	https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4@%3Ccommits.tomee.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4@%3Ccommits.tomee.apache.org%3E
cvssv3.1	5.5	https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402@%3Ccommits.tomee.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402@%3Ccommits.tomee.apache.org%3E
cvssv3.1	5.5	https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03@%3Ccommits.tomee.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03@%3Ccommits.tomee.apache.org%3E
cvssv2	1.9	https://nvd.nist.gov/vuln/detail/CVE-2019-12400
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2019-12400
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2019-12400
cvssv3.1	5.5	https://security.netapp.com/advisory/ntap-20190910-0003
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20190910-0003
cvssv3.1	8.2	https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpuoct2021.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12400.json
		http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2
		https://api.first.org/data/v1/epss?cve=CVE-2019-12400
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12400
		https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c@%3Cdev.santuario.apache.org%3E
		https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c%40%3Cdev.santuario.apache.org%3E
		https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E
		https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce%40%3Cdev.santuario.apache.org%3E
		https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626@%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626%40%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
		https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
		https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4@%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4%40%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402@%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402%40%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03@%3Ccommits.tomee.apache.org%3E
		https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03%40%3Ccommits.tomee.apache.org%3E
		https://security.netapp.com/advisory/ntap-20190910-0003
		https://security.netapp.com/advisory/ntap-20190910-0003/
		https://www.oracle.com/security-alerts/cpuoct2021.html
1764658		https://bugzilla.redhat.com/show_bug.cgi?id=1764658
935548		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935548
cpe:2.3:a:apache:santuario_xml_security_for_java::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:santuario_xml_security_for_java::::::::
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:::::::*
CVE-2019-12400		https://nvd.nist.gov/vuln/detail/CVE-2019-12400
GHSA-4q98-wr72-h35w		https://github.com/advisories/GHSA-4q98-wr72-h35w
RHSA-2020:0804		https://access.redhat.com/errata/RHSA-2020:0804
RHSA-2020:0805		https://access.redhat.com/errata/RHSA-2020:0805
RHSA-2020:0806		https://access.redhat.com/errata/RHSA-2020:0806
RHSA-2020:0811		https://access.redhat.com/errata/RHSA-2020:0811
RHSA-2020:0951		https://access.redhat.com/errata/RHSA-2020:0951
RHSA-2020:2067		https://access.redhat.com/errata/RHSA-2020:2067
RHSA-2020:3192		https://access.redhat.com/errata/RHSA-2020:3192

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12400.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c@%3Cdev.santuario.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626@%3Ccommits.tomee.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4@%3Ccommits.tomee.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402@%3Ccommits.tomee.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03@%3Ccommits.tomee.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12400

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12400

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12400

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20190910-0003

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.23137
EPSS Score	0.00153
Published At	March 29, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.