{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T16:44:05.769","vulnerabilities":[{"cve":{"id":"CVE-2021-39145","sourceIdentifier":"security-advisories@github.com","published":"2021-08-23T18:15:12.337","lastModified":"2025-05-23T16:52:04.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose."},{"lang":"es","value":"XStream es una biblioteca sencilla para serializar objetos a XML y viceversa. En las versiones afectadas, esta vulnerabilidad puede permitir a un atacante remoto cargar y ejecutar código arbitrario desde un host remoto sólo al manipular el flujo de entrada procesado. No está afectado ningún usuario que haya seguido la recomendación de configurar el framework de seguridad de XStream con una lista blanca limitada a los tipos mínimos necesarios. XStream versión 1.4.18 ya no usa una lista negra por defecto, ya que no puede ser asegurada para fines generales."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"},{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.18","matchCriteriaId":"A01843B3-11E1-4CD5-9C77-CC57B908B845"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*","matchCriteriaId":"26A2B713-7D6D-420A-93A4-E0D983C983DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*","matchCriteriaId":"64DE38C8-94F1-4860-B045-F33928F676A8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"BA8461A2-428C-4817-92A9-0C671545698D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*","matchCriteriaId":"2A3622F5-5976-4BBC-A147-FC8A6431EA79"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*","matchCriteriaId":"5A9E4125-B744-4A9D-BFE6-5D82939958FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*","matchCriteriaId":"261212BD-125A-487F-97E8-A9587935DFE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"A4CA84D6-F312-4C29-A02B-050FCB7A902B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"B6B6FE82-7BFA-481D-99D6-789B146CA18B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"4479F76A-4B67-41CC-98C7-C76B81050F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*","matchCriteriaId":"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"539DA24F-E3E0-4455-84C6-A9D96CD601B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A7637F8B-15F1-42E2-BE18-E1FF7C66587D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*","matchCriteriaId":"490B2C44-CECD-4551-B04F-4076D0E053C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*","matchCriteriaId":"48EFC111-B01B-4C34-87E4-D6B2C40C0122"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*","matchCriteriaId":"073FEA23-E46A-4C73-9D29-95CFF4F5A59D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A69FB468-EAF3-4E67-95E7-DF92C281C1F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*","matchCriteriaId":"5435B365-BFF3-4A9E-B45C-42D8F1E20FB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.3.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"900521A0-453C-4D97-B5EB-BADF0245370D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*","matchCriteriaId":"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3F906F04-39E4-4BE4-8A73-9D058AAADB43"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7B393A82-476A-4270-A903-38ED4169E431"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D6A4F71A-4269-40FC-8F61-1D1301F2B728"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"}]}]}],"references":[{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20210923-0003/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5004","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2021-39145.html","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20210923-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-5004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://x-stream.github.io/CVE-2021-39145.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}