CVE-2021-27568

Published: 23/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 up to and including 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

Vulnerable Product

json-smart project json-smart-v1

json-smart project json-smart-v2

oracle weblogic server 12.2.1.3.0

oracle utilities framework 4.4.0.0.0

oracle weblogic server 12.2.1.4.0

oracle peoplesoft enterprise peopletools 8.58

oracle weblogic server 14.1.1.0.0

oracle utilities framework 4.4.0.2.0

oracle peoplesoft enterprise peopletools 8.59

oracle utilities framework 4.4.0.3.0

oracle communications cloud native core policy 1.14.0

oracle oss support tools

Vendor Advisories

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability ...

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services. CVE-2020-1695, CVE-2020-1723, CVE-2020-1725, CVE-2020-10770, CVE-2020-14302, CVE-2020-15522, CVE-2020-25711, CVE-2020-27838, CVE-2020-28052, CVE-2020-28491, CVE-2021-3424, CVE-2021-3712, CVE-2021-20195, CVE-2021-20202, CVE-2021-20222, CVE-2021-20262, CVE-2021-21290, C ...

Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Affected products and versions are listed below. Please upgrade your version to the appropriate version. To find fixed products, need to find same number following product name in [Affected products] and [Fixed products] ...

Github Repositories

json-smart-v2: Json-smart development started in 2010, when SQL servers did not support native JSON fields, NoSQL databases were slowly emerging, and all the existing JSON APIs were bogus. I wrote lots of tests to benchmark and compare JSON java parsers. I never liked SQL databases because it's almost impossible to update a data model without impacting the production pla

PoCs to own CVEs: CVE-2021-27568 - json-smart DoS. All known versions of json-smart, to be more precise json-smart-v1 till v131 (Oct 23, 2015) and json-smart-v2 till v24 (Mar 26, 2017), have an Uncaught Exception leading to a Denial-of-Service (DoS) in Applications which are not built to catch the NumberFormatException on their own. Known Affected (other) Products: jsonrpc2-