{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T20:49:05.043","vulnerabilities":[{"cve":{"id":"CVE-2021-29505","sourceIdentifier":"security-advisories@github.com","published":"2021-05-28T21:15:08.713","lastModified":"2025-05-30T00:15:20.543","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17."},{"lang":"es","value":"XStream es un software para serializar objetos Java a XML y viceversa. Una vulnerabilidad en las versiones de XStream anteriores a la versión 1.4.17 puede permitir a un atacante remoto que tenga derechos suficientes ejecutar comandos del host sólo manipulando el flujo de entrada procesado. Ningún usuario que haya seguido la recomendación de configurar el marco de seguridad de XStream con una lista blanca limitada a los tipos mínimos necesarios está afectado. La vulnerabilidad está parcheada en la versión 1.4.17"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.17","matchCriteriaId":"67DC253F-06E0-424B-B513-9CBE00459004"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*","matchCriteriaId":"26A2B713-7D6D-420A-93A4-E0D983C983DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_cash_management:14.2:*:*:*:*:*:*:*","matchCriteriaId":"3DBD5E57-CC8B-4180-ACBD-BD067D0801D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_cash_management:14.3:*:*:*:*:*:*:*","matchCriteriaId":"071E67EC-DC5A-4BD1-AC8F-6266E6436FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*","matchCriteriaId":"626C6209-8BC3-4954-BF0C-51500582457E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CF9A061-2421-426D-9854-0A4E55B2961D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F95EDC3D-54BB-48F9-82F2-7CCF335FCA78"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*","matchCriteriaId":"B72B735F-4E52-484A-9C2C-23E6E2070385"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*","matchCriteriaId":"8B36A1D4-F391-4EE3-9A65-0A10568795BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*","matchCriteriaId":"55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*","matchCriteriaId":"0275F820-40BE-47B8-B167-815A55DF578E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6A8420D4-AAF1-44AA-BF28-48EE3ED310B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*","matchCriteriaId":"B185C1EA-71E6-4972-8637-08A33CC00841"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"CC723E79-8F35-417B-B9D9-6A707F74C1EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"5700C2E9-5FF2-48EF-AD85-3C03EDA76536"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"BA8461A2-428C-4817-92A9-0C671545698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*","matchCriteriaId":"512E0604-4D40-49CE-8142-89379A226913"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*","matchCriteriaId":"F5726AE4-4F63-4793-8948-0546DAA2D50D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*","matchCriteriaId":"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"539DA24F-E3E0-4455-84C6-A9D96CD601B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A7637F8B-15F1-42E2-BE18-E1FF7C66587D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B095CC03-7077-4A58-AB25-CC5380CDCE5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*","matchCriteriaId":"3D1C35DF-D30D-42C8-B56D-C809609AB2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*","matchCriteriaId":"834B4CE7-042E-489F-AE19-0EEA2C37E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*","matchCriteriaId":"490B2C44-CECD-4551-B04F-4076D0E053C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*","matchCriteriaId":"48EFC111-B01B-4C34-87E4-D6B2C40C0122"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*","matchCriteriaId":"073FEA23-E46A-4C73-9D29-95CFF4F5A59D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A69FB468-EAF3-4E67-95E7-DF92C281C1F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D6A4F71A-4269-40FC-8F61-1D1301F2B728"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D551CAB1-4312-44AA-BDA8-A030817E153A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"}]}]}],"references":[{"url":"https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227","source":"security-advisories@github.com"},{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E","source":"security-advisories@github.com"},{"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB","source":"security-advisories@github.com"},{"url":"https://security.netapp.com/advisory/ntap-20210708-0007","source":"security-advisories@github.com"},{"url":"https://www.debian.org/security/2021/dsa-5004","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2021-29505.html","source":"security-advisories@github.com"},{"url":"https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20210708-0007/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}