XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote malicious user to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
Vulnerable Product |
---|
xstream project xstream |
debian debian linux 9.0 |
debian debian linux 10.0 |
netapp snapmanager |
netapp snapmanager - |
apache activemq 5.15.4 |
oracle banking platform 2.4.0 |
oracle communications policy management 12.5.0 |
oracle banking platform 2.7.1 |
oracle banking platform 2.9.0 |
oracle banking virtual account management 14.3.0 |
oracle business activity monitoring 12.2.1.3.0 |
oracle business activity monitoring 11.1.1.9.0 |
oracle business activity monitoring 12.2.1.4.0 |
oracle retail xstore point of service 16.0.6 |
oracle retail xstore point of service 17.0.4 |
oracle retail xstore point of service 18.0.3 |
oracle retail xstore point of service 19.0.2 |
oracle banking virtual account management 14.2.0 |
oracle banking virtual account management 14.5.0 |
oracle banking cash management 14.2 |
oracle banking cash management 14.3 |
oracle banking cash management 14.5 |
oracle endeca information discovery studio 3.2.0.0 |
oracle banking trade finance process management 14.2 |
oracle banking trade finance process management 14.3 |
oracle banking trade finance process management 14.5 |
oracle banking credit facilities process management 14.2 |
oracle banking credit facilities process management 14.3 |
oracle banking credit facilities process management 14.5 |
oracle banking corporate lending process management 14.2 |
oracle banking corporate lending process management 14.3 |
oracle banking corporate lending process management 14.5 |
oracle banking supply chain finance 14.2 |
oracle banking supply chain finance 14.3 |
oracle banking supply chain finance 14.5 |