CVE-2021-27568Improper Check for Unusual or Exceptional Conditions in Project Json-smart-v1

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-200Sensitive Information Exposure8 documents6 sources
Severity
5.9MEDIUMNVD
EPSS
0.6%
top 29.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Json-smart Project Json-smart-v1Json-smart Project Json-smart-v2Oracle OSS Support Tools+4 more
Timeline
PublishedFeb 23
Latest updateApr 15

Description

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages7 packages

NVDoracle/weblogic_server12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0+2
NVDoracle/utilities_framework4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
Improper Check for Unusual or Exceptional Conditions in json-smart2021-06-16
OSV
Improper Check for Unusual or Exceptional Conditions in json-smart2021-06-16
CVEList
CVE-2021-27568: An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 22021-02-23

📋Vendor Advisories

4
Oracle
Oracle Oracle Analytics Risk Matrix: BI Application Archive (json-smart) — CVE-2021-275682023-04-15
Oracle
Oracle Oracle Communications Risk Matrix: Policy (netplex json-smart) — CVE-2021-275682022-01-15
Oracle
Oracle Oracle PeopleSoft Risk Matrix: REST Services (netplex json-smart-v1) — CVE-2021-275682021-07-15
Red Hat
json-smart: uncaught exception may lead to crash or information disclosure2021-02-23
CVE-2021-27568 — Project Json-smart-v1 vulnerability | cvebase