Vulnerabilities > CVE-2021-36374

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

apache

oracle

NVD

Published: 2021-07-14

Updated: 2023-11-07

Summary

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache ANT 1.10.0 Apache ANT 1.10.1 Apache ANT 1.10.2 Apache ANT 1.10.3 Apache ANT 1.10.4 Apache ANT 1.10.5 Apache ANT 1.10.6 Apache ANT 1.10.7 Apache ANT 1.10.8 Apache ANT 1.10.9 Apache ANT 1.10.10 Apache ANT 1.9.0 Apache ANT 1.9.1 Apache ANT 1.9.2 Apache ANT 1.9.3 Apache ANT 1.9.4 Apache ANT 1.9.5 Apache ANT 1.9.6 Apache ANT 1.9.7 Apache ANT 1.9.8 Apache ANT 1.9.9 Apache ANT 1.9.10 Apache ANT 1.9.11 Apache ANT 1.9.12 Apache ANT 1.9.13 Apache ANT 1.9.14 Apache ANT 1.9.15	45
Application	Oracle Oracle Retail Store Inventory Management 14.1 Oracle Retail Store Inventory Management 16.0 Oracle Retail Store Inventory Management 15.0 Oracle Enterprise Repository 11.1.1.7.0 Oracle Retail Back Office 14.1 Oracle Retail Back Office 14.0 Oracle Utilities Framework 4.2.0.3.0 Oracle Utilities Framework 4.2.0.2.0 Oracle Utilities Framework 4.4.0.0.0 Oracle Utilities Framework 4.3.0.1.0 Oracle Utilities Framework 4.3.0.2.0 Oracle Utilities Framework 4.3.0.3.0 Oracle Utilities Framework 4.3.0.4 Oracle Utilities Framework 4.3.0.4.0 Oracle Utilities Framework 4.3.0.5.0 Oracle Utilities Framework 4.3.0.6.0 Oracle Utilities Framework 4.4.0.2.0 Oracle Utilities Framework 4.4.0.3.0 Oracle Retail Central Office 14.0 Oracle Retail Central Office 14.1 Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.8 Oracle Primavera Unifier 17.9 Oracle Primavera Unifier 17.10 Oracle Primavera Unifier 17.11 Oracle Primavera Unifier 17.12 Oracle Primavera Unifier 19.12 Oracle Primavera Unifier 20.12 Oracle Retail Point OF Service 14.1 Oracle Retail Point OF Service 14.0 Oracle Retail Predictive Application Server 15.0.3 Oracle Retail Predictive Application Server 16.0.3.0 Oracle Retail Predictive Application Server 14.1.3 Oracle Agile PLM 9.3.6 Oracle Communications Unified Inventory Management 7.4.0 Oracle Communications Unified Inventory Management 7.3.0 Oracle Communications Unified Inventory Management 7.4.1 Oracle Communications Unified Inventory Management 7.4.2 Oracle Communications Unified Inventory Management 7.5.0 Oracle Retail Advanced Inventory Planning 14.1 Oracle Retail Advanced Inventory Planning 15.0 Oracle Retail Advanced Inventory Planning 16.0 Oracle Retail Bulk Data Integration 16.0.3.0 Oracle Retail Bulk Data Integration 19.0.1 Oracle Agile Engineering Data Management 6.2.1.0 Oracle Communications Order AND Service Management 7.4 Oracle Communications Order AND Service Management 7.3 Oracle Retail Xstore Point OF Service 16.0.6 Oracle Retail Xstore Point OF Service 17.0.4 Oracle Retail Xstore Point OF Service 18.0.3 Oracle Retail Xstore Point OF Service 19.0.2 Oracle Retail Xstore Point OF Service 20.0.1 Oracle Retail Service Backbone 14.1.3.2 Oracle Retail Service Backbone 15.0.4.0 Oracle Retail Service Backbone 16.0.3.0 Oracle Retail Service Backbone 19.0.1.0 Oracle Primavera Gateway 17.12.0 Oracle Primavera Gateway 17.12.6 Oracle Primavera Gateway 17.12.7 Oracle Primavera Gateway 17.12.8 Oracle Primavera Gateway 17.12.9 Oracle Primavera Gateway 17.12.10 Oracle Primavera Gateway 17.12.11 Oracle Primavera Gateway 20.12.0 Oracle Primavera Gateway 20.12.7 Oracle Primavera Gateway 19.12.0 Oracle Primavera Gateway 19.12.4 Oracle Primavera Gateway 19.12.10 Oracle Primavera Gateway 19.12.11 Oracle Primavera Gateway 18.8.0 Oracle Primavera Gateway 18.8.8 Oracle Primavera Gateway 18.8.8.1 Oracle Primavera Gateway 18.8.9 Oracle Primavera Gateway 18.8.11 Oracle Primavera Gateway 18.8.12 Oracle Financial Services Analytical Applications Infrastructure 8.0.6 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Financial Services Analytical Applications Infrastructure 8.0.8.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.9 Oracle Financial Services Analytical Applications Infrastructure 8.0.9.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.0.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.1 Oracle Insurance Policy Administration 11.0 Oracle Insurance Policy Administration 11.0.2 Oracle Insurance Policy Administration 11.1.0 Oracle Insurance Policy Administration 11.2.0 Oracle Insurance Policy Administration 11.2.7 Oracle Insurance Policy Administration 11.2.8 Oracle Insurance Policy Administration 11.3.0 Oracle Insurance Policy Administration 11.3.1 Oracle Real Time Decision Server 3.2.0.0 Oracle Real Time Decision Server 11.1.1.9.0 Oracle Retail Merchandising System 19.0.1 Oracle Retail Integration BUS 14.1.3.2 Oracle Retail Integration BUS 15.0.4.0 Oracle Retail Integration BUS 16.0.3.0 Oracle Retail Integration BUS 19.0.1.0 Oracle Retail Financial Integration 14.1.3.2 Oracle Retail Financial Integration 15.0.4.0 Oracle Retail Financial Integration 16.0.3.0 Oracle Retail Extract Transform AND Load 13.2.8 Oracle Retail Eftlink 19.0.1 Oracle Retail Eftlink 20.0.1 Oracle Utilities Testing Accelerator 6.0.0.1.1 Oracle Retail Invoice Matching 16.0.3 Oracle Timesten IN Memory Database - Oracle Product Lifecycle Analytics 3.6.1 Oracle Communications Cloud Native Core Automated Test Suite 1.9.0 Oracle Communications Cloud Native Core Binding Support Function 1.11.0 Oracle Communications Diameter Intelligence HUB 8.0.0 Oracle Communications Diameter Intelligence HUB 8.1.0 Oracle Communications Diameter Intelligence HUB 8.2.0 Oracle Communications Diameter Intelligence HUB 8.2.3 Oracle Banking Trade Finance 14.5 Oracle Banking Treasury Management 14.5 Oracle Health Sciences Information Manager 3.0.1 Oracle Health Sciences Information Manager 3.0.2 Oracle Health Sciences Information Manager 3.0.3 Oracle Health Sciences Information Manager 3.0.4 Oracle Health Sciences Information Manager 3.0.5 Oracle Health Sciences Information Manager 3.0.0.1	133

Vulnerabilities > CVE-2021-36374 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-36374"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-36374