Vulnerabilities > CVE-2021-39153

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

Vulnerable Configurations

Part	Description	Count
Application	Xstream_Project Xstream Project Xstream - Xstream Project Xstream 0.2 Xstream Project Xstream 0.3 Xstream Project Xstream 0.4 Xstream Project Xstream 0.5 Xstream Project Xstream 0.6 Xstream Project Xstream 1.0 Xstream Project Xstream 1.0.1 Xstream Project Xstream 1.0.2 Xstream Project Xstream 1.1 Xstream Project Xstream 1.1.1 Xstream Project Xstream 1.1.2 Xstream Project Xstream 1.1.3 Xstream Project Xstream 1.2 Xstream Project Xstream 1.2.1 Xstream Project Xstream 1.2.2 Xstream Project Xstream 1.3 Xstream Project Xstream 1.3.1 Xstream Project Xstream 1.4 Xstream Project Xstream 1.4.1 Xstream Project Xstream 1.4.2 Xstream Project Xstream 1.4.3 Xstream Project Xstream 1.4.4 Xstream Project Xstream 1.4.5 Xstream Project Xstream 1.4.6 Xstream Project Xstream 1.4.7 Xstream Project Xstream 1.4.8 Xstream Project Xstream 1.4.9 Xstream Project Xstream 1.4.10 Xstream Project Xstream 1.4.11 Xstream Project Xstream 1.4.11.1 Xstream Project Xstream 1.4.12 Xstream Project Xstream 1.4.13 Xstream Project Xstream 1.4.14 Xstream Project Xstream 1.4.15 Xstream Project Xstream 1.4.16 Xstream Project Xstream 1.4.17	39
Application	Netapp Netapp Snapmanager -	2
Application	Oracle Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 12.2.1.4.0 Oracle Utilities Framework 4.2.0.3.0 Oracle Utilities Framework 4.2.0.2.0 Oracle Utilities Framework 4.3.0.6.0 Oracle Utilities Framework 4.4.0.0.0 Oracle Utilities Framework 4.4.0.2.0 Oracle Utilities Framework 4.4.0.3.0 Oracle Utilities Framework 4.3.0.1.0 Oracle Communications Unified Inventory Management 7.3.4 Oracle Communications Unified Inventory Management 7.3.5 Oracle Communications Unified Inventory Management 7.4.0 Oracle Communications Unified Inventory Management 7.4.1 Oracle Communications Unified Inventory Management 7.4.2 Oracle Communications Billing AND Revenue Management Elastic Charging Engine 11.3 Oracle Communications Billing AND Revenue Management Elastic Charging Engine 12.0 Oracle Business Activity Monitoring 12.2.1.4.0 Oracle Utilities Testing Accelerator 6.0.0.1.1 Oracle Communications Cloud Native Core Binding Support Function 1.10.0 Oracle Communications Cloud Native Core Policy 1.14.0 Oracle Communications Cloud Native Core Automated Test Suite 1.9.0	21
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35	3
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3

Vulnerabilities > CVE-2021-39153 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-39153"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-39153