CVE-2021-30468

{"id": "CVE-2021-30468", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-06-16T12:15:12.617", "references": [{"url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2021/06/16/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cdev.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cusers.cxf.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/ra833f78b3fa577cb43558cf343859a1bf70b1c5ce2353b3877d96422%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210917-0002/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n JsonMapObjectReaderWriter de Apache CXF permite a un atacante enviar un JSON malformado hacia un servicio web, lo que hace que el subproceso se quede atascado en un bucle infinito, consumiendo CPU indefinidamente. Este problema afecta a Apache CXF versiones anteriores a 3.4.4 y Apache CXF versiones anteriores a 3.3.11"}], "lastModified": "2023-11-07T03:33:02.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30AD1489-9FAA-4CB3-9683-236BE2BF4762", "versionEndExcluding": "3.3.11"}, {"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64083AE-3EDA-4F41-9B72-DA0BF554B9F6", "versionEndExcluding": "3.4.4", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:apache:tomee:8.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD41F07F-EDA1-45B1-8BB4-2918918527D3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4"}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583"}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C"}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C"}, {"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}