Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2021-27568
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- Partial
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- Medium
- Base Score
- 5.9/10
- Exploit Score
- 2.2/10
- Access Vector
- Network
- Access Complexity
- High
- Privileges Required
- None
- Impact Score
- 3.6/10
- Confidentiality Impact
- None
- Availability Impact
- High
- Integrity Impact
- None
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:json-smart_project:json-smart-v1:*:*:*:*:*:*:*:* |
Yes
|
- | 1.3.2 | |
cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:* |
Yes
|
- | 2.3.1 | |
cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:* |
Yes
|
2.4 | 2.4.1 | |
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*: |
Yes
|
- | - | |
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*: |
Yes
|
- | - | |
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.1 |
Yes
|
- | - | |
cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:* |
Yes
|
- | 2.12.42 |
References
- https://github.com/netplex/json-smart-v2/issues/60
- https://github.com/netplex/json-smart-v1/issues/7
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.apache.org/thread.html/rf70210b4d63191c0bfb2a0d5745e104484e71703bf5ad9cb01
- https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f
- https://lists.apache.org/thread.html/rb6287f5aa628c8d9af52b5401ec6cc51b6fc28ab20d3189434