Vulnerabilities > CVE-2021-39139

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

Vulnerable Configurations

Part	Description	Count
Application	Xstream_Project Xstream Project Xstream - Xstream Project Xstream 0.2 Xstream Project Xstream 0.3 Xstream Project Xstream 0.4 Xstream Project Xstream 0.5 Xstream Project Xstream 0.6 Xstream Project Xstream 1.0 Xstream Project Xstream 1.0.1 Xstream Project Xstream 1.0.2 Xstream Project Xstream 1.1 Xstream Project Xstream 1.1.1 Xstream Project Xstream 1.1.2 Xstream Project Xstream 1.1.3 Xstream Project Xstream 1.2 Xstream Project Xstream 1.2.1 Xstream Project Xstream 1.2.2 Xstream Project Xstream 1.3 Xstream Project Xstream 1.3.1 Xstream Project Xstream 1.4 Xstream Project Xstream 1.4.1 Xstream Project Xstream 1.4.2 Xstream Project Xstream 1.4.3 Xstream Project Xstream 1.4.4 Xstream Project Xstream 1.4.5 Xstream Project Xstream 1.4.6 Xstream Project Xstream 1.4.7 Xstream Project Xstream 1.4.8 Xstream Project Xstream 1.4.9 Xstream Project Xstream 1.4.10 Xstream Project Xstream 1.4.11 Xstream Project Xstream 1.4.11.1 Xstream Project Xstream 1.4.12 Xstream Project Xstream 1.4.13 Xstream Project Xstream 1.4.14 Xstream Project Xstream 1.4.15 Xstream Project Xstream 1.4.16 Xstream Project Xstream 1.4.17	39
Application	Netapp Netapp Snapmanager -	2
Application	Oracle Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 12.2.1.4.0 Oracle Utilities Framework 4.2.0.3.0 Oracle Utilities Framework 4.2.0.2.0 Oracle Utilities Framework 4.3.0.6.0 Oracle Utilities Framework 4.4.0.0.0 Oracle Utilities Framework 4.4.0.2.0 Oracle Utilities Framework 4.4.0.3.0 Oracle Utilities Framework 4.3.0.1.0 Oracle Communications Unified Inventory Management 7.3.4 Oracle Communications Unified Inventory Management 7.3.5 Oracle Communications Unified Inventory Management 7.4.0 Oracle Communications Unified Inventory Management 7.4.1 Oracle Communications Unified Inventory Management 7.4.2 Oracle Communications Billing AND Revenue Management Elastic Charging Engine 11.3 Oracle Communications Billing AND Revenue Management Elastic Charging Engine 12.0 Oracle Business Activity Monitoring 12.2.1.4.0 Oracle Commerce Guided Search 11.3.2 Oracle Retail Xstore Point OF Service 16.0.6 Oracle Retail Xstore Point OF Service 17.0.4 Oracle Retail Xstore Point OF Service 18.0.3 Oracle Retail Xstore Point OF Service 19.0.2 Oracle Retail Xstore Point OF Service 20.0.1 Oracle Utilities Testing Accelerator 6.0.0.1.1 Oracle Communications Cloud Native Core Binding Support Function 1.10.0 Oracle Communications Cloud Native Core Policy 1.14.0 Oracle Communications Cloud Native Core Automated Test Suite 1.9.0	27
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35	3

Vulnerabilities > CVE-2021-39139 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-39139"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-39139