First published: Fri Mar 12 2021(Updated: )
A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/xstream | <0:1.3.1-13.el7_9 | 0:1.3.1-13.el7_9 |
redhat/xstream | <1.4.16 | 1.4.16 |
Xstream Project Xstream | <1.4.16 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Oracle Banking Enterprise Default Management | =2.10.0 | |
Oracle Banking Enterprise Default Management | =2.12.0 | |
Oracle Banking Platform | =2.4.0 | |
Oracle Banking Platform | =2.7.1 | |
Oracle Banking Platform | =2.9.0 | |
Oracle Banking Platform | =2.12.0 | |
Oracle Banking Virtual Account Management | =14.2.0 | |
Oracle Banking Virtual Account Management | =14.3.0 | |
Oracle Banking Virtual Account Management | =14.5.0 | |
Oracle BI Publisher | =5.5.0.0.0 | |
Oracle BI Publisher | =12.2.1.3.0 | |
Oracle BI Publisher | =12.2.1.4.0 | |
Oracle Business Activity Monitoring | =11.1.1.9.0 | |
Oracle Business Activity Monitoring | =12.2.1.3.0 | |
Oracle Business Activity Monitoring | =12.2.1.4.0 | |
Oracle Communications Billing And Revenue Management Elastic Charging Engine | =12.0.0.3.0 | |
Oracle Communications Policy Management | =12.5.0 | |
Oracle Communications Unified Inventory Management | =7.3.2 | |
Oracle Communications Unified Inventory Management | =7.3.4 | |
Oracle Communications Unified Inventory Management | =7.3.5 | |
Oracle Communications Unified Inventory Management | =7.4.0 | |
Oracle Communications Unified Inventory Management | =7.4.1 | |
Oracle Retail Xstore Point of Service | =16.0.6 | |
Oracle Retail Xstore Point of Service | =17.0.4 | |
Oracle Retail Xstore Point of Service | =18.0.3 | |
Oracle Retail Xstore Point of Service | =19.0.2 | |
Oracle WebCenter Portal | =11.1.1.9.0 | |
Oracle WebCenter Portal | =12.2.1.3.0 | |
Oracle WebCenter Portal | =12.2.1.4.0 | |
debian/libxstream-java | 1.4.15-3+deb11u2 1.4.20-1 1.4.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2021-21346 is a vulnerability in the XStream Java library that allows a remote attacker to load and execute arbitrary code by manipulating the input stream.
The severity of CVE-2021-21346 is high with a CVSS score of 8.1.
Users who have the affected versions of XStream (1.3.1-13.el7_9 and earlier) are vulnerable to this exploit.
You can fix CVE-2021-21346 by upgrading to version 1.4.16 of XStream or a later version that includes the security patch.
You can find more information about CVE-2021-21346 on the CVE website (https://www.cve.org/CVERecord?id=CVE-2021-21346) and the NIST NVD database (https://nvd.nist.gov/vuln/detail/CVE-2021-21346).