{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T08:21:09.417","vulnerabilities":[{"cve":{"id":"CVE-2020-26217","sourceIdentifier":"security-advisories@github.com","published":"2020-11-16T21:15:12.893","lastModified":"2025-05-23T16:54:19.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14."},{"lang":"es","value":"XStream anterior a versión 1.4.14, es vulnerable a una ejecución de código remota. La vulnerabilidad puede permitir a un atacante remoto ejecutar comandos de shell arbitrarios solo manipulando el flujo de entrada procesado.&#xa0;Solo los usuarios que dependen de las listas de bloqueo están afectados.&#xa0;Cualquiera que utilice la lista de permitidos del Security Framework de XStream no estará afectado.&#xa0;El aviso vinculado proporciona soluciones de código para usuarios que no pueden actualizar.&#xa0;El problema se corrigió en la versión 1.4.14"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.14","matchCriteriaId":"9707A88D-33D7-46A3-9B73-0910B9086413"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","matchCriteriaId":"D8668AF8-DA10-45F2-AB8C-432640D52C04"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*","matchCriteriaId":"25BBBC1A-228F-45A6-AE95-DB915EDF84BD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.14","matchCriteriaId":"08739311-087C-4B48-8FD5-DE4CCDD1DE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:activemq:5.16.0:*:*:*:*:*:*:*","matchCriteriaId":"8DF1FC86-4D17-41C5-8307-B3EA9FEDA124"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_cash_management:14.2:*:*:*:*:*:*:*","matchCriteriaId":"3DBD5E57-CC8B-4180-ACBD-BD067D0801D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_cash_management:14.3:*:*:*:*:*:*:*","matchCriteriaId":"071E67EC-DC5A-4BD1-AC8F-6266E6436FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*","matchCriteriaId":"626C6209-8BC3-4954-BF0C-51500582457E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*","matchCriteriaId":"55543515-BE87-4D88-8F9B-130FCE792642"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*","matchCriteriaId":"0D32FE52-C11F-40F0-943A-4FD1241AA599"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*","matchCriteriaId":"6EE231C5-8BF0-48F4-81EF-7186814664CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*","matchCriteriaId":"F9284BB0-343D-46DE-B45D-68081BC20225"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*","matchCriteriaId":"821A1FAA-6475-4892-97A5-10D434BC2C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*","matchCriteriaId":"2AA5FF83-B693-4DAB-B585-0FD641266231"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"C2BEE49E-A5AA-42D3-B422-460454505480"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"AB9FC9AB-1070-420F-870E-A5EC43A924A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*","matchCriteriaId":"1D99F81D-61BB-4904-BE31-3367D4A98FD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*","matchCriteriaId":"93866792-1AAE-40AE-84D0-21250A296BE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*","matchCriteriaId":"45AB3A29-0994-46F4-8093-B4A9CE0BD95F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2:*:*:*:*:*:*:*","matchCriteriaId":"2CA1E217-7551-4718-A813-7F55927C7829"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3:*:*:*:*:*:*:*","matchCriteriaId":"DE39702F-0176-4C0E-96BA-A344319776B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*","matchCriteriaId":"AA4A9041-B9BC-451C-B1BD-4E2FD795BF27"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*","matchCriteriaId":"D1534C11-E3F5-49F3-8F8D-7C5C90951E69"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1111BCFD-E336-4B31-A87E-76C684AC6DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"CC723E79-8F35-417B-B9D9-6A707F74C1EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"5700C2E9-5FF2-48EF-AD85-3C03EDA76536"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"BA8461A2-428C-4817-92A9-0C671545698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*","matchCriteriaId":"5312AC7A-3C16-4967-ACA6-317289A749D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0D7C6438-6E88-41CD-BE34-90341030E41F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*","matchCriteriaId":"490B2C44-CECD-4551-B04F-4076D0E053C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*","matchCriteriaId":"48EFC111-B01B-4C34-87E4-D6B2C40C0122"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*","matchCriteriaId":"073FEA23-E46A-4C73-9D29-95CFF4F5A59D"}]}]}],"references":[{"url":"https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e%40%3Cissues.activemq.apache.org%3E","source":"security-advisories@github.com","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9%40%3Ccommits.camel.apache.org%3E","source":"security-advisories@github.com","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c%40%3Cissues.activemq.apache.org%3E","source":"security-advisories@github.com","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3%40%3Cissues.activemq.apache.org%3E","source":"security-advisories@github.com","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210409-0004/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4811","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security-advisories@github.com","tags":["Not Applicable","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security-advisories@github.com","tags":["Not Applicable","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2020-26217.html","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9%40%3Ccommits.camel.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210409-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2020-26217.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}