CVE-2021-27568 — MEDIUM (5.9)

Q: How severe is CVE-2021-27568?

CVE-2021-27568 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-27568?

Check the references section above for vendor advisories and patch information. Affected products include: Json-Smart Project Json-Smart-V1, Json-Smart Project Json-Smart-V2, Oracle Communications Cloud Native Core Policy, Oracle Oss Support Tools, Oracle Peoplesoft Enterprise Peopletools.

Vulnerability Description

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Json-Smart Project	Json-Smart-V1	< 1.3.2
Json-Smart Project	Json-Smart-V2	< 2.3.1
Oracle	Communications Cloud Native Core Policy	1.14.0
Oracle	Oss Support Tools	< 2.12.42
Oracle	Peoplesoft Enterprise Peopletools	8.58
Oracle	Utilities Framework	4.4.0.0.0
Oracle	Weblogic Server	12.2.1.3.0

Related Weaknesses (CWE)

CWE-754

References

https://github.com/netplex/json-smart-v1/issues/7ExploitThird Party Advisory
https://github.com/netplex/json-smart-v2/issues/60ExploitThird Party Advisory
https://lists.apache.org/thread.html/rb6287f5aa628c8d9af52b5401ec6cc51b6fc28ab20
https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e
https://lists.apache.org/thread.html/rf70210b4d63191c0bfb2a0d5745e104484e71703bf
https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory
https://github.com/netplex/json-smart-v1/issues/7ExploitThird Party Advisory
https://github.com/netplex/json-smart-v2/issues/60ExploitThird Party Advisory
https://lists.apache.org/thread.html/rb6287f5aa628c8d9af52b5401ec6cc51b6fc28ab20
https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e
https://lists.apache.org/thread.html/rf70210b4d63191c0bfb2a0d5745e104484e71703bf
https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory

FAQ

What is CVE-2021-27568?

CVE-2021-27568 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatExceptio...

How severe is CVE-2021-27568?

CVE-2021-27568 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27568?

Check the references section above for vendor advisories and patch information. Affected products include: Json-Smart Project Json-Smart-V1, Json-Smart Project Json-Smart-V2, Oracle Communications Cloud Native Core Policy, Oracle Oss Support Tools, Oracle Peoplesoft Enterprise Peopletools.