CVE-2021-36374
Description
When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, leading to an out-of-memory error even for small inputs. This can be used to disrupt builds that use Apache Ant. Commonly used formats derived from ZIP archives include JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.
General Information
Vendors
- apache
- oracle
Products
- agile engineering data management 6.2.1.0
- agile plm 9.3.6
- ant
- banking trade finance 14.5
- banking treasury management 14.5
- communications cloud native core automated test suite 1.9.0
- communications cloud native core binding support function 1.11.0
- communications diameter intelligence hub
- communications order and service management 7.3
- communications order and service management 7.4
- communications unified inventory management 7.3.0
- communications unified inventory management 7.4.0
- communications unified inventory management 7.4.1
- communications unified inventory management 7.4.2
- communications unified inventory management 7.5.0
- enterprise repository 11.1.1.7.0
- financial services analytical applications infrastructure
- health sciences information manager
- health sciences information manager 3.0.0.1
- insurance policy administration
- primavera gateway
- primavera unifier
- primavera unifier 18.8
- primavera unifier 19.12
- primavera unifier 20.12
- product lifecycle analytics 3.6.1
- real-time decision server 11.1.1.9.0
- real-time decision server 3.2.0.0
- retail advanced inventory planning 14.1
- retail advanced inventory planning 15.0
- retail advanced inventory planning 16.0
- retail back office 14.0
- retail back office 14.1
- retail bulk data integration 16.0.3.0
- retail bulk data integration 19.0.1
- retail central office 14.0
- retail central office 14.1
- retail eftlink 19.0.1
- retail eftlink 20.0.1
- retail extract transform and load 13.2.8
- retail financial integration 14.1.3.2
- retail financial integration 15.0.4.0
- retail financial integration 16.0.3.0
- retail integration bus 14.1.3.2
- retail integration bus 15.0.4.0
- retail integration bus 16.0.3.0
- retail integration bus 19.0.1.0
- retail invoice matching 16.0.3
- retail merchandising system 19.0.1
- retail point-of-service 14.0
- retail point-of-service 14.1
- retail predictive application server 14.1.3
- retail predictive application server 15.0.3
- retail predictive application server 16.0.3.0
- retail service backbone 14.1.3.2
- retail service backbone 15.0.4.0
- retail service backbone 16.0.3.0
- retail service backbone 19.0.1.0
- retail store inventory management 14.1
- retail store inventory management 15.0
- retail store inventory management 16.0
- retail xstore point of service 16.0.6
- retail xstore point of service 17.0.4
- retail xstore point of service 18.0.3
- retail xstore point of service 19.0.2
- retail xstore point of service 20.0.1
- timesten in-memory database
- utilities framework
- utilities framework 4.2.0.2.0
- utilities framework 4.2.0.3.0
- utilities framework 4.4.0.0.0
- utilities framework 4.4.0.2.0
- utilities framework 4.4.0.3.0
- utilities testing accelerator 6.0.0.1.1