CVE-2022-22965

Published Apr 1, 2022
Last updated a month ago
Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024
The vulnerability affects Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, as well as all older versions. For an application to be fully vulnerable to the currently (13/04/2020) known vectors, a number of pre-requisites are required for the application to be vulnerable.
More information is available in our blog post here.
Overview

Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Source: security@vmware.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits

Data from CISA
Vulnerability name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
Exploit added on: Apr 4, 2022
Exploit action due: Apr 25, 2022
Required action: Apply updates per vendor instructions.
Weaknesses

nvd@nist.gov: CWE-94
security@vmware.com: CWE-94
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7417ECB4-3391-4273-9DAF-C9C82220CEA8",
            "versionEndExcluding": "5.2.20"
          },
          {
            "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5049322E-FFAA-4CAA-B794-63539EA4E6D7",
            "versionEndExcluding": "5.3.18",
            "versionStartIncluding": "5.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19F22333-401B-4DB1-A63D-622FA54C2BA9",
            "versionStartIncluding": "9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA44823-E5F1-4922-BCCA-13BEB49C017B",
            "versionEndExcluding": "2.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D163AA57-1D66-4FBF-A8BB-F13E56E5C489"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02AEDB9F-1040-4840-ACB6-8BF299886ACB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ECCD8C1-C055-4958-A613-B6D1609687F1",
            "versionEndExcluding": "8.0.29"
          },
          {
            "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
            "versionEndExcluding": "2.0.4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831"
          },
          {
            "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC"
          },
          {
            "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB"
          },
          {
            "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602"
          },
          {
            "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2"
          },
          {
            "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602"
          },
          {
            "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2"
          },
          {
            "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588"
          },
          {
            "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD"
          },
          {
            "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307"
          },
          {
            "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33"
          },
          {
            "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F"
          },
          {
            "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B"
          },
          {
            "criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B1DC73-8B4C-418B-96A7-17C35E9164CE"
          },
          {
            "criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48E6CF01-79F1-4E56-BB3C-02AE544876E4"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62D12B2A-0167-4010-888E-30BB96DBA3F4"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91A353F-6BEE-423E-BB6A-413C2C03D313"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3F72DF7-C2C6-4009-82D8-462714D80DF5"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED4BC39F-2A18-4F2D-B5A6-A1590D220611"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63459D69-EC29-49A6-9577-A48B63C63063"
          },
          {
            "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B20A490-3398-4B36-9630-98CADC801E9E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
            "versionEndExcluding": "2.0.4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D035FB7D-36A5-439E-9992-DE255F020AB5",
            "versionEndExcluding": "1.2.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D14E8FC-464B-414D-AE56-C20FF46E25FB",
            "versionEndExcluding": "1.0.3"
          },
          {
            "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831"
          },
          {
            "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC"
          },
          {
            "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB"
          },
          {
            "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3486C85C-57BC-433F-941C-E81539DA5C1D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]