CVE-2020-9484
First published: Wed May 20 2020(Updated: )
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. An attacker can exploit the flaw if all of the following are true: * An attacker is able to control the contents and name of a file on the server. * The server is configured to use the PersistenceManager with a FileStore. * The PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker-provided object to be deserialized. * The attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over. If all these conditions are true, the attacker can use a specifically crafted request to trigger Remote Code Execution through deserialization of the file under their control. This flaw affects the following Tomcat versions: 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, and 7.0.0 to 7.0.103. Upstream commits: Tomcat 10.0: <a href="https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b">https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b</a> Tomcat 9.0: <a href="https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222">https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222</a> Tomcat 8.5: <a href="https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f">https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f</a> Tomcat 7.0: <a href="https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06">https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06</a>
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tomcat6 | <0:6.0.24-115.el6_10 | 0:6.0.24-115.el6_10 |
| redhat/tomcat | <0:7.0.76-12.el7_8 | 0:7.0.76-12.el7_8 |
| redhat/tomcat7 | <0:7.0.70-40.ep7.el6 | 0:7.0.70-40.ep7.el6 |
| redhat/tomcat8 | <0:8.0.36-44.ep7.el6 | 0:8.0.36-44.ep7.el6 |
| redhat/tomcat-native | <0:1.2.23-22.redhat_22.ep7.el6 | 0:1.2.23-22.redhat_22.ep7.el6 |
| redhat/tomcat7 | <0:7.0.70-40.ep7.el7 | 0:7.0.70-40.ep7.el7 |
| redhat/tomcat8 | <0:8.0.36-44.ep7.el7 | 0:8.0.36-44.ep7.el7 |
| redhat/tomcat-native | <0:1.2.23-22.redhat_22.ep7.el7 | 0:1.2.23-22.redhat_22.ep7.el7 |
| redhat/jws5-tomcat | <0:9.0.30-4.redhat_5.1.el6 | 0:9.0.30-4.redhat_5.1.el6 |
| redhat/jws5-tomcat-native | <0:1.2.23-5.redhat_5.el6 | 0:1.2.23-5.redhat_5.el6 |
| redhat/jws5-tomcat | <0:9.0.30-4.redhat_5.1.el7 | 0:9.0.30-4.redhat_5.1.el7 |
| redhat/jws5-tomcat-native | <0:1.2.23-5.redhat_5.el7 | 0:1.2.23-5.redhat_5.el7 |
| redhat/jws5-tomcat | <0:9.0.30-4.redhat_5.1.el8 | 0:9.0.30-4.redhat_5.1.el8 |
| redhat/jws5-tomcat-native | <0:1.2.23-5.redhat_5.el8 | 0:1.2.23-5.redhat_5.el8 |
| redhat/tomcat | <10.0.0 | 10.0.0 |
| redhat/tomcat | <9.0.35 | 9.0.35 |
| redhat/tomcat | <8.5.55 | 8.5.55 |
| redhat/tomcat | <7.0.104 | 7.0.104 |
| maven/org.apache.tomcat:tomcat-catalina | >=7.0.0<7.0.104 | 7.0.104 |
| maven/org.apache.tomcat:tomcat-catalina | >=8.0.0<8.5.55 | 8.5.55 |
| maven/org.apache.tomcat:tomcat-catalina | >=9.0.0<9.0.35 | 9.0.35 |
| maven/org.apache.tomcat:tomcat-catalina | >=10.0.0-M1<=10.0.0-M4 | 10.0.0-M5 |
| IBM Data Risk Manager | <=2.0.6 | |
| debian/tomcat9 | 9.0.43-2~deb11u10 9.0.43-2~deb11u11 9.0.70-2 9.0.95-1 | |
| Apache Tomcat | >=7.0.0<7.0.108 | |
| Apache Tomcat | >=8.5.0<8.5.63 | |
| Apache Tomcat | >=9.0.1<9.0.43 | |
| Apache Tomcat | =9.0.0-milestone1 | |
| Apache Tomcat | =9.0.0-milestone10 | |
| Apache Tomcat | =9.0.0-milestone11 | |
| Apache Tomcat | =9.0.0-milestone12 | |
| Apache Tomcat | =9.0.0-milestone13 | |
| Apache Tomcat | =9.0.0-milestone14 | |
| Apache Tomcat | =9.0.0-milestone15 | |
| Apache Tomcat | =9.0.0-milestone16 | |
| Apache Tomcat | =9.0.0-milestone17 | |
| Apache Tomcat | =9.0.0-milestone18 | |
| Apache Tomcat | =9.0.0-milestone19 | |
| Apache Tomcat | =9.0.0-milestone2 | |
| Apache Tomcat | =9.0.0-milestone20 | |
| Apache Tomcat | =9.0.0-milestone21 | |
| Apache Tomcat | =9.0.0-milestone22 | |
| Apache Tomcat | =9.0.0-milestone23 | |
| Apache Tomcat | =9.0.0-milestone24 | |
| Apache Tomcat | =9.0.0-milestone25 | |
| Apache Tomcat | =9.0.0-milestone26 | |
| Apache Tomcat | =9.0.0-milestone27 | |
| Apache Tomcat | =9.0.0-milestone3 | |
| Apache Tomcat | =9.0.0-milestone4 | |
| Apache Tomcat | =9.0.0-milestone5 | |
| Apache Tomcat | =9.0.0-milestone6 | |
| Apache Tomcat | =9.0.0-milestone7 | |
| Apache Tomcat | =9.0.0-milestone8 | |
| Apache Tomcat | =9.0.0-milestone9 | |
| Apache Tomcat | =10.0.0-milestone1 | |
| Apache Tomcat | =10.0.0-milestone2 | |
| Apache Tomcat | =10.0.0-milestone3 | |
| Apache Tomcat | =10.0.0-milestone4 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| openSUSE | =15.1 | |
| Fedora | =31 | |
| Fedora | =32 | |
| Ubuntu | =16.04 | |
| Ubuntu | =20.04 | |
| Oracle Agile Engineering Data Management | =6.2.1.0 | |
| Oracle Agile PLM | =9.3.3 | |
| Oracle Agile PLM | =9.3.5 | |
| Oracle Agile PLM | =9.3.6 | |
| oracle communications Cloud native core binding support function | =1.10.0 | |
| oracle communications Cloud native core policy | =1.14.0 | |
| Oracle Communications Diameter Signaling Router | >=8.0.0.0<=8.4.0.5 | |
| oracle communications element manager | >=8.2.0<=8.2.2 | |
| Oracle Communications Instant Messaging Server | =10.0.1.4.0 | |
| oracle communications session report manager | >=8.2.0<=8.2.2 | |
| oracle communications session route manager | >=8.2.0<=8.2.2 | |
| Oracle Database | =12.2.0.1 | |
| Oracle Database | =19c | |
| Oracle Database | =21c | |
| Oracle Fusion Middleware Platform | =12.2.1.3.0 | |
| Oracle Fusion Middleware Platform | =12.2.1.4.0 | |
| Oracle Hospitality Guest Access | =4.2.0 | |
| Oracle Hospitality Guest Access | =4.2.1 | |
| oracle instantis enterprisetrack | >=17.1<=17.3 | |
| Oracle Managed File Transfer | =12.2.1.3.0 | |
| Oracle Managed File Transfer | =12.2.1.4.0 | |
| MySQL Enterprise Monitor | <=8.0.21 | |
| Oracle Retail Order Broker | =15.0 | |
| oracle siebel apps - marketing | <=21.9 | |
| Oracle Siebel User Interface Framework | <=20.12 | |
| Oracle Transportation Management | =6.3.7 | |
| Oracle Workload Manager | =12.2.0.1 | |
| Oracle Workload Manager | =18c | |
| Oracle Workload Manager | =19c | |
| Trellix ePolicy Orchestrator | =5.9.0 | |
| Trellix ePolicy Orchestrator | =5.9.1 | |
| Trellix ePolicy Orchestrator | =5.10.0 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_1 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_2 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_3 |
Remedy
Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-9484 https://nvd.nist.gov/vuln/detail/CVE-2020-9484 http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55 http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35
- https://bugzilla.redhat.com/show_bug.cgi?id=1838332
- https://access.redhat.com/errata/RHSA-2020:2529
- https://access.redhat.com/errata/RHSA-2020:2530
- https://access.redhat.com/errata/RHSA-2021:3140
- https://access.redhat.com/errata/RHSA-2022:5532
- https://access.redhat.com/errata/RHSA-2020:2487
- https://access.redhat.com/errata/RHSA-2020:2483
- https://access.redhat.com/errata/RHSA-2020:2506
- https://access.redhat.com/errata/RHSA-2020:2509
- https://access.redhat.com/errata/RHSA-2020:3017
- https://access.redhat.com/security/cve/CVE-2020-9484
- https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html
- https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html
- https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E
- https://security.netapp.com/advisory/ntap-20200528-0005/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
- http://seclists.org/fulldisclosure/2020/Jun/6
- http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
- https://security.gentoo.org/glsa/202006-21
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
- https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.debian.org/security/2020/dsa-4727
- https://usn.ubuntu.com/4448-1/
- https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://usn.ubuntu.com/4596-1/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/03/01/2
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://launchpad.net/bugs/cve/CVE-2020-9484
- https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b
- https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222
- https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f
- https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E
- http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5
- http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35
- http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1838964
- https://access.redhat.com/security/cve/cve-2020-9484
- https://nvd.nist.gov/vuln/detail/CVE-2020-9484
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch
- https://bugzilla.suse.com/show_bug.cgi?id=1171928
- https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453
- https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4
- https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5
- https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35
- https://tomcat.apache.org/security-9.html
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-7.html
- https://tomcat.apache.org/security-10.html
- https://security.netapp.com/advisory/ntap-20200528-0005
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ
- https://usn.ubuntu.com/4448-1
- https://usn.ubuntu.com/4596-1
- https://github.com/advisories/GHSA-344f-f5vg-2jfj (Advisory)
- https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
- https://security-tracker.debian.org/tracker/CVE-2020-9484
- https://exchange.xforce.ibmcloud.com/vulnerabilities/182231
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
- https://ubuntu.com/security/CVE-2020-9484
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-9484?
CVE-2020-9484 is rated as important due to a deserialization vulnerability that can be exploited by attackers.
How do I fix CVE-2020-9484?
To address CVE-2020-9484, upgrade to Apache Tomcat versions 7.0.104, 8.5.55, 9.0.35, or 10.0.0.
What systems are affected by CVE-2020-9484?
CVE-2020-9484 affects Apache Tomcat versions prior to 7.0.104, 8.5.55, 9.0.35, and 10.0.0.
What is the impact of exploiting CVE-2020-9484?
Exploiting CVE-2020-9484 can allow an attacker to execute arbitrary code on the server.
Is there a workaround for CVE-2020-9484?
A workaround for CVE-2020-9484 is to reconfigure the server to avoid using a PersistenceManager with a FileStore.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-9484
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-344f-f5vg-2jfj
- collector/github-advisory
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/maven
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- package-manager/debian
- vendor/apache
- canonical/apache tomcat
- version/apache tomcat/7.0.0
- version/apache tomcat/8.5.0
- version/apache tomcat/9.0.1
- version/apache tomcat/9.0.0-milestone1
- version/apache tomcat/9.0.0-milestone10
- version/apache tomcat/9.0.0-milestone11
- version/apache tomcat/9.0.0-milestone12
- version/apache tomcat/9.0.0-milestone13
- version/apache tomcat/9.0.0-milestone14
- version/apache tomcat/9.0.0-milestone15
- version/apache tomcat/9.0.0-milestone16
- version/apache tomcat/9.0.0-milestone17
- version/apache tomcat/9.0.0-milestone18
- version/apache tomcat/9.0.0-milestone19
- version/apache tomcat/9.0.0-milestone2
- version/apache tomcat/9.0.0-milestone20
- version/apache tomcat/9.0.0-milestone21
- version/apache tomcat/9.0.0-milestone22
- version/apache tomcat/9.0.0-milestone23
- version/apache tomcat/9.0.0-milestone24
- version/apache tomcat/9.0.0-milestone25
- version/apache tomcat/9.0.0-milestone26
- version/apache tomcat/9.0.0-milestone27
- version/apache tomcat/9.0.0-milestone3
- version/apache tomcat/9.0.0-milestone4
- version/apache tomcat/9.0.0-milestone5
- version/apache tomcat/9.0.0-milestone6
- version/apache tomcat/9.0.0-milestone7
- version/apache tomcat/9.0.0-milestone8
- version/apache tomcat/9.0.0-milestone9
- version/apache tomcat/10.0.0-milestone1
- version/apache tomcat/10.0.0-milestone2
- version/apache tomcat/10.0.0-milestone3
- version/apache tomcat/10.0.0-milestone4
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- version/debian/10.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- vendor/fedoraproject
- canonical/fedora
- version/fedora/31
- version/fedora/32
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/20.04
- vendor/oracle
- canonical/oracle agile engineering data management
- version/oracle agile engineering data management/6.2.1.0
- canonical/oracle agile plm
- version/oracle agile plm/9.3.3
- version/oracle agile plm/9.3.5
- version/oracle agile plm/9.3.6
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/1.10.0
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/oracle communications diameter signaling router
- version/oracle communications diameter signaling router/8.0.0.0
- version/oracle communications diameter signaling router/8.4.0.5
- canonical/oracle communications element manager
- version/oracle communications element manager/8.2.0
- version/oracle communications element manager/8.2.2
- canonical/oracle communications instant messaging server
- version/oracle communications instant messaging server/10.0.1.4.0
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.2.0
- version/oracle communications session report manager/8.2.2
- canonical/oracle communications session route manager
- version/oracle communications session route manager/8.2.0
- version/oracle communications session route manager/8.2.2
- canonical/oracle database
- version/oracle database/12.2.0.1
- version/oracle database/19c
- version/oracle database/21c
- canonical/oracle fusion middleware platform
- version/oracle fusion middleware platform/12.2.1.3.0
- version/oracle fusion middleware platform/12.2.1.4.0
- canonical/oracle hospitality guest access
- version/oracle hospitality guest access/4.2.0
- version/oracle hospitality guest access/4.2.1
- canonical/oracle instantis enterprisetrack
- version/oracle instantis enterprisetrack/17.1
- version/oracle instantis enterprisetrack/17.3
- canonical/oracle managed file transfer
- version/oracle managed file transfer/12.2.1.3.0
- version/oracle managed file transfer/12.2.1.4.0
- canonical/mysql enterprise monitor
- version/mysql enterprise monitor/8.0.21
- canonical/oracle retail order broker
- version/oracle retail order broker/15.0
- canonical/oracle siebel apps - marketing
- version/oracle siebel apps - marketing/21.9
- canonical/oracle siebel user interface framework
- version/oracle siebel user interface framework/20.12
- canonical/oracle transportation management
- version/oracle transportation management/6.3.7
- canonical/oracle workload manager
- version/oracle workload manager/12.2.0.1
- version/oracle workload manager/18c
- version/oracle workload manager/19c
- vendor/mcafee
- canonical/trellix epolicy orchestrator
- version/trellix epolicy orchestrator/5.9.0
- version/trellix epolicy orchestrator/5.9.1
- version/trellix epolicy orchestrator/5.10.0
- version/trellix epolicy orchestrator/5.10.0-update_1
- version/trellix epolicy orchestrator/5.10.0-update_2
- version/trellix epolicy orchestrator/5.10.0-update_3