NVD Vulnerability Details: CVE-2019-10173
Modified
Source: secalert@redhat.com
Published At: 23 Jul, 2019 | 13:15
Updated At: 14 May, 2025 | 20:02

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format, e.g. JSON (regression of CVE-2013-7285).

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

xstream (xstream)
>>xstream>>1.4.10
cpe:2.3:a:xstream:xstream:1.4.10:*:*:*:*:*:*:*

Oracle Corporation (oracle)
>>banking_platform>>Versions from 2.4.0 (inclusive) to 2.10.0 (inclusive)
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
>>banking_platform>>2.4.0
cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
>>banking_platform>>2.7.1
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
>>banking_platform>>2.9.0
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
>>business_activity_monitoring>>11.1.1.9.0
cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*
>>business_activity_monitoring>>12.2.1.3.0
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*
>>business_activity_monitoring>>12.2.1.4.0
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
>>communications_billing_and_revenue_management_elastic_charging_engine>>11.3.0.9.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*
>>communications_billing_and_revenue_management_elastic_charging_engine>>12.0.0.3.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*
>>communications_diameter_signaling_router>>Versions from 8.0.0 (inclusive) to 8.2.2 (inclusive)
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
>>communications_unified_inventory_management>>7.3.0
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*
>>communications_unified_inventory_management>>7.4.0
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
>>endeca_information_discovery_studio>>3.2.0
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
>>endeca_information_discovery_studio>>3.2.0.0
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*
>>retail_xstore_point_of_service>>17.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
>>utilities_framework>>Versions from 4.3.0.1.0 (inclusive) to 4.3.0.6.0 (inclusive)
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
>>utilities_framework>>2.2.0.0.0
cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*
>>utilities_framework>>4.2.0.2.0
cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
>>utilities_framework>>4.2.0.3.0
cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
>>utilities_framework>>4.4.0.0.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
>>webcenter_portal>>11.1.1.9.0
cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
>>webcenter_portal>>12.2.1.3.0
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
>>webcenter_portal>>12.2.1.4.0
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-94
Type: Primary
Source: secalert@redhat.com
CWE ID: CWE-502
Type: Secondary
Source: nvd@nist.gov

References
Hyperlink: http://x-stream.github.io/changes.html#1.4.11
Source: secalert@redhat.com
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3892
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4352
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0445
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0727
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujan2021.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://x-stream.github.io/changes.html#1.4.11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3892
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0445
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0727
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujan2021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0 changes found