CVE-2016-8735

{"id": "CVE-2016-8735", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-04-06T21:59:00.243", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://seclists.org/oss-sec/2016/q4/502", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767644", "tags": ["Broken Link", "Patch"], "source": "[email protected]"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767656", "tags": ["Broken Link", "Patch"], "source": "[email protected]"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767676", "tags": ["Broken Link", "Patch"], "source": "[email protected]"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767684", "tags": ["Broken Link", "Patch"], "source": "[email protected]"}, {"url": "http://tomcat.apache.org/security-6.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://tomcat.apache.org/security-7.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://tomcat.apache.org/security-8.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://tomcat.apache.org/security-9.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.debian.org/security/2016/dsa-3738", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/94463", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.securitytracker.com/id/1037331", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0455", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0456", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20180607-0001/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://usn.ubuntu.com/4557-1/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/oss-sec/2016/q4/502", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767644", "tags": ["Broken Link", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767656", "tags": ["Broken Link", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767676", "tags": ["Broken Link", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1767684", "tags": ["Broken Link", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-6.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-7.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-8.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tomcat.apache.org/security-9.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3738", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94463", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037331", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0455", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:0456", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20180607-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4557-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-8735", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types."}, {"lang": "es", "value": "La ejecuci\u00f3n remota de c\u00f3digo es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones anteriores a 8.0.39, 8.5.x en versiones anteriores a 8.5.7 y 9.x en versiones anteriores a 9.0.0.M12 si JmxRemoteLifecycleListener es utilizado y un atacante puede llegar a los puertos JMX. El problema existe porque este oyente no se actualiz\u00f3 por coherencia con el parche de Oracle CVE-2016-3427 que afect\u00f3 a los tipos de credenciales."}], "lastModified": "2025-10-22T00:15:56.793", "cisaActionDue": "2023-06-02", "cisaExploitAdd": "2023-05-12", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDAB7E8F-98DA-43F2-B2AE-F0C5F1581B4A", "versionEndExcluding": "6.0.48"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39AB06BF-6948-44FA-AE78-CDEF64D7B771", "versionEndExcluding": "7.0.73", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBC4F54A-F99A-4B1A-AAE4-0C64950C118D", "versionEndExcluding": "8.0.39", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE43E8ED-8C32-42AF-A76F-8731C0F8DE7D", "versionEndExcluding": "8.5.7", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67BBBD83-E232-4198-9748-C512D9E0EEDD"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08"}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61C5D278-11E5-4A2F-9860-6FFA579398CD"}, {"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B21D189-0E7D-4878-91A0-BE38A4ABA1FD"}, {"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174"}, {"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62"}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "622B95F1-8FA4-4AA6-9B68-5FE4302BA150"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C510CE66-DD71-45C8-B678-9BD81EC7FFBB"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF0A211C-7C3D-46AE-B525-890A9194C422"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1AD7C68-81DF-4332-AEB3-B368E0221F52"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:micros_relate_crm_software:10.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE82F56-65B9-490B-8096-037ADD9819AB"}, {"criteria": "cpe:2.3:a:oracle:micros_relate_crm_software:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE3A1A04-5AAE-40D9-842A-8B46211C5D95"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78933DD0-F774-4E60-BC66-D5A57919717A"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ECA7A7E-8177-4FD4-B9B9-F4B1B6F43F98"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C9A2AD-F384-44D5-AB33-86B7250760A5"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD8F1BF2-C047-4296-815B-B21A2A673DFF"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA3F5761-E2A0-4F67-BAE1-503877676BF3"}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E3C86B-4483-430A-856D-7EAB7D388D2E"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2D40A0-F2F0-476C-959E-39CA64B430ED", "versionEndIncluding": "3.2.8.2223"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C992CCD1-54C9-4BC2-876F-7A5D76571DEA", "versionEndIncluding": "3.3.4.3247", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEBB610E-4FE2-41C2-B3A3-D67077A60F82", "versionEndIncluding": "3.4.2.4181", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA5B8931-D3B4-46A9-B1A0-9A6BBA365FC8"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "231DDD84-5AF3-4F0D-81D8-DA0F942E78F1"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A714FB-050A-4040-BC57-C22FA4DD58D2"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A775321B-6DFB-4770-8F6D-D34D655438AF"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "835BB7D9-633C-4CB3-8E8F-CA6FD62E587A"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48FE41BA-1E3C-4626-930F-3F8FEE124A78"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F284EF-05CF-4CF5-B7CA-F58AE01DA3B6"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09892E8-D580-488A-A80E-B358D682A25A"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Tomcat Remote Code Execution Vulnerability"}