CVE-2018-8013 in Rapid Planning

Summary

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class reads a string from the input stream, treats it as a class name, and uses it to call that class's no-arg constructor. Because the name is taken from attacker-controllable serialized data, any class on the application's classpath with a reachable no-arg constructor can be instantiated during deserialization (CWE-502). The fix was to check the class type before calling newInstance in deserialization.
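The following is an added example, written for this page and not taken from Batik or VulDB, that reproduces the pattern the summary describes: a `readObject` that instantiates whatever class name the stream carries, beside the check-before-newInstance fix. `DomImpl`, `Good`, `Evil` and the two `*Doc` classes are placeholders chosen for the example; `DomImpl` stands in for whatever implementation type the real document expects. The "attacker" side tampers with a captured stream by overwriting the class-name string in place.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Illustrative example, not Batik's code. Shows why a class name read from the
// stream must be type-checked before its constructor is invoked.
public class DeserDemo {

    interface DomImpl { }                                // placeholder for the expected implementation type
    public static class Good implements DomImpl { }      // the class the document legitimately serializes

    // Placeholder for any class on the victim's classpath whose no-arg
    // constructor does something the attacker wants; here it just records that it ran.
    public static class Evil {
        public static boolean constructed = false;
        public Evil() { constructed = true; }
    }

    // Vulnerable pattern: the name from the stream is instantiated before any type check.
    public static class VulnerableDoc implements Serializable {
        transient DomImpl impl = new Good();

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
            out.writeUTF(impl.getClass().getName());
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            Class<?> c = Class.forName(in.readUTF());    // also runs the class's static initializers
            try {
                // The constructor runs first; the cast only fails afterwards.
                impl = (DomImpl) c.getDeclaredConstructor().newInstance();
            } catch (ReflectiveOperationException e) {
                throw new IOException(e);
            }
        }
    }

    // Hardened pattern: resolve without initializing, check assignability, only then construct.
    public static class HardenedDoc implements Serializable {
        transient DomImpl impl = new Good();

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
            out.writeUTF(impl.getClass().getName());
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            String name = in.readUTF();
            Class<?> c = Class.forName(name, false, getClass().getClassLoader()); // no static init yet
            if (!DomImpl.class.isAssignableFrom(c)) {
                throw new InvalidClassException(name, "not a DomImpl; refusing to instantiate");
            }
            try {
                impl = (DomImpl) c.getDeclaredConstructor().newInstance();
            } catch (ReflectiveOperationException e) {
                throw new IOException(e);
            }
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Attacker side: overwrite the class-name string inside a captured stream.
    // Same-length names keep the surrounding block-data length prefix valid.
    static byte[] swapName(byte[] stream, String from, String to) {
        byte[] a = from.getBytes(StandardCharsets.UTF_8), b = to.getBytes(StandardCharsets.UTF_8);
        if (a.length != b.length) throw new IllegalArgumentException("names must have equal length");
        byte[] out = stream.clone();
        for (int i = 0; i + a.length <= out.length; i++) {
            if (Arrays.equals(Arrays.copyOfRange(out, i, i + a.length), a)) {
                System.arraycopy(b, 0, out, i, b.length);
                return out;
            }
        }
        throw new IllegalArgumentException("class name not found in stream");
    }

    public static void main(String[] args) throws Exception {
        String good = Good.class.getName(), evil = Evil.class.getName();   // "DeserDemo$Good" / "DeserDemo$Evil"

        byte[] payload = swapName(serialize(new VulnerableDoc()), good, evil);
        try { deserialize(payload); } catch (ClassCastException expected) { }
        System.out.println("vulnerable readObject ran Evil(): " + Evil.constructed);

        Evil.constructed = false;
        payload = swapName(serialize(new HardenedDoc()), good, evil);
        try { deserialize(payload); } catch (InvalidClassException e) { System.out.println("hardened: " + e.getMessage()); }
        System.out.println("hardened readObject ran Evil(): " + Evil.constructed);
    }
}
```

Compile and run with `javac DeserDemo.java && java DeserDemo`. In the vulnerable path the `(DomImpl)` cast does fail, but only after `Evil()` has already executed; the hardened path rejects the stream with `InvalidClassException` before any constructor or static initializer runs. Note that a JEP 290 deserialization filter (`jdk.serialFilter` / `ObjectInputFilter`) does not catch this case on its own: the filter sees the classes described in the stream's own class descriptors, whereas here the attacker-controlled name is an ordinary UTF string that the application's `readObject` resolves itself via `Class.forName`.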


Reservation

03/09/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

All entries below share the same classification: CWE-502 (deserialization of untrusted data), exploit: not defined, countermeasure: official fix, CVE-2018-8013. The Oracle entries are products that bundle or depend on Apache Batik.

ID      Vulnerability
158478  Oracle Rapid Planning Middle Tier deserialization
138018  Oracle WebCenter Sites Oracle WebLogic Server deserialization
137893  Oracle Application Session Controller OpenSSL deserialization
133614  Oracle Data Integrator Apache Batik deserialization
129679  Oracle Retail Integration Bus RIB Kernel deserialization
129619  Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC deserialization
129611  Oracle Insurance Policy Administration J2EE User deserialization
129480  Oracle Communications WebRTC Session Controller Apache Batik deserialization
129479  Oracle Communications Diameter Signaling Router Apache Batik deserialization
125617  Oracle Retail Returns Management Apache Batik deserialization
125616  Oracle Retail Point-of-Service Apache Batik deserialization
125615  Oracle Retail Order Broker Upgrade Install deserialization
125614  Oracle Retail Central Office Apache Batik deserialization
125613  Oracle Retail Back Office Apache Batik deserialization
125512  Oracle Insurance Calculation Engine Architecture deserialization
125448  Oracle Enterprise Repository Security deserialization
125447  Oracle Business Intelligence Enterprise Edition Apache Batik deserialization
125390  Oracle Construction/Engineering Suite Instantis EnterpriseTrack deserialization
125381  Oracle Communications MetaSolv Solution Print Preview deserialization
121697  Oracle Fusion Middleware MapViewer Install deserialization
121639  Oracle Financial Services Analytical Applications Infrastructure Link Analysis/Metadata Browser deserialization
118200  Apache Batik deserialization
