Vulnerability Details : CVE-2021-27568
Potential exploit
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
Products affected by CVE-2021-27568
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:json-smart_project:json-smart-v1:*:*:*:*:*:*:*:*
- cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*
- cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-27568
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-27568
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
|
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2021-27568
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27568
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
[druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438) - Pony MailMailing List;Patch;Third Party Advisory
-
https://github.com/netplex/json-smart-v1/issues/7
Uncaught Exception in Parser · Issue #7 · netplex/json-smart-v1 · GitHubExploit;Third Party Advisory
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022Patch;Third Party Advisory
-
https://github.com/netplex/json-smart-v2/issues/60
Uncaught Exception in Parser · Issue #60 · netplex/json-smart-v2 · GitHubExploit;Third Party Advisory
-
https://lists.apache.org/thread.html/rf70210b4d63191c0bfb2a0d5745e104484e71703bf5ad9cb01c980c6@%3Ccommits.druid.apache.org%3E
[GitHub] [druid] zachjsh opened a new pull request #11438: Suppress CVE-2021-27568 from json-smart 2.3 dependency - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/rb6287f5aa628c8d9af52b5401ec6cc51b6fc28ab20d318943453e396@%3Ccommits.druid.apache.org%3E
[GitHub] [druid] zachjsh merged pull request #11438: Suppress CVE-2021-27568 from json-smart 2.3 dependency - Pony MailMailing List;Third Party Advisory
Jump to