[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-12418":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":61,"related":62,"reserved_at":9,"published_at":77,"modified_at":78,"state":79,"summary":80,"references_raw":88,"kevs":209,"epss":210,"epss_history":213,"metrics":476,"affected":489},"CVE-2019-12418","When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[20],"GHSA-hh3j-x4mc-g48r",[],[23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":24},"SUSE-SU-2020:0029-1",{"_key":26},"SUSE-SU-2020:0226-1",{"_key":28},"SUSE-SU-2020:0632-1",{"_key":30},"SUSE-SU-2020:14375-1",{"_key":32},"SUSE-SU-2020:1497-1",{"_key":34},"SUSE-SU-2020:1498-1",{"_key":36},"OPENSUSE-SU-2020:0038-1",{"_key":38},"OPENSUSE-SU-2024:11468-1",{"_key":40},"OPENSUSE-SU-2024:13441-1",{"_key":42},"DLA-2077-1",{"_key":44},"DLA-2155-1",{"_key":46},"DSA-4596-1",{"_key":48},"DSA-4680-1",{"_key":50},"MGASA-2020-0054",{"_key":52},"USN-4251-1",{"_key":54},"DEBIAN-CVE-2019-12418",{"_key":56},"RHSA-2020:0861",{"_key":58},"RHSA-2020:1520",{"_key":60},"UBUNTU-CVE-2019-12418",[],[63,64,65,66,67,68,69,70,71,72,73,75],{"_key":50},{"_key":24},{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":74},"CGA-8W25-PMJP-VRMJ",{"_key":76},"CGA-PH6Q-8G38-CP58","2019-12-23T17:12:43.000Z","2024-08-04T23:17:40.118Z","Modified",{"cisa_kev":81,"cisa_ransomware":81,"cisa_vendor":9,"epss_severity":82,"epss_score":83,"severity":84,"severity_score":4,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":79},false,"low",0.00481,"high","v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[89,99,105,110,114,118,123,128,133,137,141,145,149,153,158,162,168,172,177,181,185,189,193,197,201,205],{"url":90,"sources":91,"tags":94},"https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E",[92,86,93],"cve.org","osv_maven",[95,96,97,98],"X Refsource CONFIRM","Mailing List","Vendor Advisory","WEB",{"url":100,"sources":101,"tags":102},"https://www.debian.org/security/2019/dsa-4596",[92,86,93],[97,103,104,98],"X Refsource DEBIAN","Third Party Advisory",{"url":106,"sources":107,"tags":108},"https://seclists.org/bugtraq/2019/Dec/43",[92,86,93],[96,109,104,98],"X Refsource BUGTRAQ",{"url":111,"sources":112,"tags":113},"https://security.netapp.com/advisory/ntap-20200107-0001/",[92,86],[95,104],{"url":115,"sources":116,"tags":117},"https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS",[92,86],[95],{"url":119,"sources":120,"tags":121},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html",[92,86,93],[97,122,96,104,98],"X Refsource SUSE",{"url":124,"sources":125,"tags":126},"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html",[92,86,93],[96,127,104,98],"X Refsource MLIST",{"url":129,"sources":130,"tags":131},"https://usn.ubuntu.com/4251-1/",[92,86],[97,132,104],"X Refsource UBUNTU",{"url":134,"sources":135,"tags":136},"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",[92,86],[96,127],{"url":138,"sources":139,"tags":140},"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",[92,86],[96,127],{"url":142,"sources":143,"tags":144},"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",[92,86],[96,127],{"url":146,"sources":147,"tags":148},"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",[92,86],[96,127],{"url":150,"sources":151,"tags":152},"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",[92,86],[96,127],{"url":154,"sources":155,"tags":156},"https://security.gentoo.org/glsa/202003-43",[92,86,93],[97,157,104,98],"X Refsource GENTOO",{"url":159,"sources":160,"tags":161},"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html",[92,86,93],[96,127,104,98],{"url":163,"sources":164,"tags":165},"https://www.oracle.com/security-alerts/cpuapr2020.html",[92,86,93],[166,167,104,98],"X Refsource MISC","Patch",{"url":169,"sources":170,"tags":171},"https://www.debian.org/security/2020/dsa-4680",[92,86,93],[97,103,104,98],{"url":173,"sources":174,"tags":175},"https://nvd.nist.gov/vuln/detail/CVE-2019-12418",[93],[176],"Advisory",{"url":178,"sources":179,"tags":180},"https://usn.ubuntu.com/4251-1",[93],[98],{"url":182,"sources":183,"tags":184},"https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS",[93],[98],{"url":186,"sources":187,"tags":188},"https://security.netapp.com/advisory/ntap-20200107-0001",[93],[98],{"url":190,"sources":191,"tags":192},"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E",[93],[98],{"url":194,"sources":195,"tags":196},"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",[93],[98],{"url":198,"sources":199,"tags":200},"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E",[93],[98],{"url":202,"sources":203,"tags":204},"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",[93],[98],{"url":206,"sources":207,"tags":208},"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",[93],[98],[],{"date":211,"score":83,"percentile":212},"2026-06-04",0.6548,[214,218,221,224,227,230,233,236,239,242,245,248,251,254,257,261,264,267,270,273,276,278,281,283,286,289,292,295,299,302,305,308,310,312,314,316,319,322,325,328,331,334,337,340,343,346,349,352,355,357,360,364,367,369,373,376,379,382,385,388,391,394,396,399,402,405,408,411,413,415,418,421,424,427,430,433,436,439,442,444,447,450,453,456,459,462,465,468,471,473],{"date":215,"score":216,"percentile":217},"2025-11-04",0.0087,0.74453,{"date":219,"score":216,"percentile":220},"2025-11-05",0.74443,{"date":222,"score":216,"percentile":223},"2025-11-06",0.74442,{"date":225,"score":216,"percentile":226},"2025-11-07",0.7446,{"date":228,"score":216,"percentile":229},"2025-11-08",0.74457,{"date":231,"score":216,"percentile":232},"2025-11-09",0.74452,{"date":234,"score":216,"percentile":235},"2025-11-10",0.74438,{"date":237,"score":216,"percentile":238},"2025-11-11",0.74441,{"date":240,"score":216,"percentile":241},"2025-11-12",0.74461,{"date":243,"score":216,"percentile":244},"2025-11-13",0.74468,{"date":246,"score":216,"percentile":247},"2025-11-14",0.74473,{"date":249,"score":216,"percentile":250},"2025-11-15",0.74471,{"date":252,"score":216,"percentile":253},"2025-11-16",0.74469,{"date":255,"score":216,"percentile":256},"2025-11-17",0.74463,{"date":258,"score":259,"percentile":260},"2025-11-18",0.01209,0.77207,{"date":262,"score":259,"percentile":263},"2025-11-19",0.77214,{"date":265,"score":259,"percentile":266},"2025-11-20",0.77223,{"date":268,"score":216,"percentile":269},"2025-11-21",0.74486,{"date":271,"score":216,"percentile":272},"2025-11-22",0.74477,{"date":274,"score":216,"percentile":275},"2025-11-23",0.74465,{"date":277,"score":216,"percentile":226},"2025-11-24",{"date":279,"score":216,"percentile":280},"2025-11-25",0.74462,{"date":282,"score":216,"percentile":244},"2025-11-26",{"date":284,"score":216,"percentile":285},"2025-11-27",0.7447,{"date":287,"score":216,"percentile":288},"2025-11-28",0.74459,{"date":290,"score":216,"percentile":291},"2025-11-29",0.74456,{"date":293,"score":216,"percentile":294},"2025-11-30",0.74455,{"date":296,"score":297,"percentile":298},"2025-12-01",0.0011,0.30028,{"date":300,"score":297,"percentile":301},"2025-12-02",0.30057,{"date":303,"score":297,"percentile":304},"2025-12-03",0.30063,{"date":306,"score":216,"percentile":307},"2025-12-04",0.7445,{"date":309,"score":216,"percentile":288},"2025-12-05",{"date":311,"score":216,"percentile":280},"2025-12-06",{"date":313,"score":216,"percentile":226},"2025-12-07",{"date":315,"score":216,"percentile":256},"2025-12-08",{"date":317,"score":216,"percentile":318},"2025-12-09",0.7449,{"date":320,"score":216,"percentile":321},"2025-12-10",0.7452,{"date":323,"score":216,"percentile":324},"2025-12-11",0.74534,{"date":326,"score":216,"percentile":327},"2025-12-12",0.74558,{"date":329,"score":216,"percentile":330},"2025-12-13",0.74565,{"date":332,"score":216,"percentile":333},"2025-12-14",0.74564,{"date":335,"score":216,"percentile":336},"2025-12-15",0.74567,{"date":338,"score":216,"percentile":339},"2025-12-16",0.74579,{"date":341,"score":216,"percentile":342},"2025-12-17",0.74589,{"date":344,"score":216,"percentile":345},"2025-12-18",0.74611,{"date":347,"score":216,"percentile":348},"2025-12-19",0.74627,{"date":350,"score":216,"percentile":351},"2025-12-20",0.74624,{"date":353,"score":216,"percentile":354},"2025-12-21",0.74617,{"date":356,"score":216,"percentile":354},"2025-12-22",{"date":358,"score":216,"percentile":359},"2025-12-23",0.74612,{"date":361,"score":362,"percentile":363},"2025-12-24",0.00642,0.69976,{"date":365,"score":362,"percentile":366},"2025-12-25",0.70001,{"date":368,"score":362,"percentile":366},"2025-12-26",{"date":370,"score":371,"percentile":372},"2025-12-27",0.00887,0.74961,{"date":374,"score":362,"percentile":375},"2025-12-28",0.69974,{"date":377,"score":362,"percentile":378},"2025-12-29",0.69971,{"date":380,"score":362,"percentile":381},"2025-12-30",0.69984,{"date":383,"score":362,"percentile":384},"2025-12-31",0.70003,{"date":386,"score":297,"percentile":387},"2026-01-01",0.30249,{"date":389,"score":297,"percentile":390},"2026-01-02",0.30242,{"date":392,"score":297,"percentile":393},"2026-01-03",0.30218,{"date":395,"score":362,"percentile":366},"2026-01-04",{"date":397,"score":362,"percentile":398},"2026-01-05",0.69993,{"date":400,"score":362,"percentile":401},"2026-01-06",0.7,{"date":403,"score":362,"percentile":404},"2026-01-07",0.70014,{"date":406,"score":362,"percentile":407},"2026-01-08",0.70029,{"date":409,"score":362,"percentile":410},"2026-01-09",0.70035,{"date":412,"score":362,"percentile":410},"2026-01-10",{"date":414,"score":362,"percentile":407},"2026-01-11",{"date":416,"score":362,"percentile":417},"2026-01-12",0.70024,{"date":419,"score":362,"percentile":420},"2026-01-13",0.7002,{"date":422,"score":362,"percentile":423},"2026-01-14",0.7005,{"date":425,"score":362,"percentile":426},"2026-01-15",0.70056,{"date":428,"score":362,"percentile":429},"2026-01-16",0.70074,{"date":431,"score":362,"percentile":432},"2026-01-17",0.70067,{"date":434,"score":362,"percentile":435},"2026-01-18",0.70047,{"date":437,"score":362,"percentile":438},"2026-01-19",0.70039,{"date":440,"score":362,"percentile":441},"2026-01-20",0.70046,{"date":443,"score":362,"percentile":423},"2026-01-21",{"date":445,"score":362,"percentile":446},"2026-01-22",0.70062,{"date":448,"score":362,"percentile":449},"2026-01-23",0.70095,{"date":451,"score":362,"percentile":452},"2026-01-24",0.701,{"date":454,"score":362,"percentile":455},"2026-01-25",0.7007,{"date":457,"score":362,"percentile":458},"2026-01-26",0.70066,{"date":460,"score":362,"percentile":461},"2026-01-27",0.70069,{"date":463,"score":362,"percentile":464},"2026-01-28",0.70083,{"date":466,"score":362,"percentile":467},"2026-01-29",0.70081,{"date":469,"score":362,"percentile":470},"2026-01-30",0.7009,{"date":472,"score":362,"percentile":449},"2026-01-31",{"date":474,"score":297,"percentile":475},"2026-02-01",0.2982,[477,487],{"source":86,"cvss_v2_0":478,"cvss_v3_0":9,"cvss_v3_1":483,"cvss_v4_0":9},{"baseScore":479,"baseSeverity":9,"vectorString":480,"impactScore":481,"exploitabilityScore":482},4.4,"AV:L/AC:M/Au:N/C:P/I:P/A:P",6.4,3.4,{"baseScore":4,"baseSeverity":484,"vectorString":87,"impactScore":485,"exploitabilityScore":486},"HIGH",9.8,2.6,{"source":93,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":488,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":9,"vectorString":87,"impactScore":485,"exploitabilityScore":486},[490,503,520,528,539,558,567,573],{"ecosystem":9,"name":491,"vendor":492,"product":493,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":495},"Apache Tomcat","apache software foundation","apache tomcat","a",[496,499,501],{"version":497,"is_range":81,"range_type":92,"version_start":497,"version_start_type":498,"version_end":497,"version_end_type":498,"fixed_in":9},"9.0.0.M1 to 9.0.28","including",{"version":500,"is_range":81,"range_type":92,"version_start":500,"version_start_type":498,"version_end":500,"version_end_type":498,"fixed_in":9},"8.5.0 to 8.5.47",{"version":502,"is_range":81,"range_type":92,"version_start":502,"version_start_type":498,"version_end":502,"version_end_type":498,"fixed_in":9},"7.0.0 to 7.0.97",{"ecosystem":9,"name":504,"vendor":9,"product":504,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":505},"Tomcat",[506,512,516],{"version":507,"is_range":508,"range_type":509,"version_start":510,"version_start_type":498,"version_end":511,"version_end_type":498,"fixed_in":9},"gte7.0.0_lte7.0.97",true,"cpe","7.0.0","7.0.97",{"version":513,"is_range":508,"range_type":509,"version_start":514,"version_start_type":498,"version_end":515,"version_end_type":498,"fixed_in":9},"gte8.5.0_lte8.5.47","8.5.0","8.5.47",{"version":517,"is_range":508,"range_type":509,"version_start":518,"version_start_type":498,"version_end":519,"version_end_type":498,"fixed_in":9},"gte9.0.0_lte9.0.28","9.0.0","9.0.28",{"ecosystem":9,"name":521,"vendor":522,"product":523,"cpe_part":524,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":525},"ubuntu linux","canonical","ubuntu_linux","o",[526],{"version":527,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"ecosystem":9,"name":529,"vendor":530,"product":531,"cpe_part":524,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":532},"debian linux","debian","debian_linux",[533,535,537],{"version":534,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":536,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":538,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":540,"name":541,"vendor":542,"product":543,"cpe_part":9,"purl_type":544,"purl_namespace":542,"purl_name":543,"source":9,"versions":545},"Maven","org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core","maven",[546,551,555],{"version":547,"is_range":508,"range_type":548,"version_start":9,"version_start_type":9,"version_end":549,"version_end_type":550,"fixed_in":9},"lt7_0_99","ecosystem","7.0.99","excluding",{"version":552,"is_range":508,"range_type":548,"version_start":553,"version_start_type":498,"version_end":554,"version_end_type":550,"fixed_in":9},"gte8_0_0_lt8_5_49","8.0.0","8.5.49",{"version":556,"is_range":508,"range_type":548,"version_start":518,"version_start_type":498,"version_end":557,"version_end_type":550,"fixed_in":9},"gte9_0_0_lt9_0_29","9.0.29",{"ecosystem":9,"name":559,"vendor":560,"product":561,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":562},"oncommand system manager","netapp","oncommand_system_manager",[563],{"version":564,"is_range":508,"range_type":509,"version_start":565,"version_start_type":498,"version_end":566,"version_end_type":498,"fixed_in":9},"gte3.0.0_lte3.1.3","3.0.0","3.1.3",{"ecosystem":9,"name":568,"vendor":569,"product":568,"cpe_part":524,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":570},"leap","opensuse",[571],{"version":572,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":574,"vendor":575,"product":576,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":577},"workload manager","oracle","workload_manager",[578,580,582],{"version":579,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.2.0.1",{"version":581,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18c",{"version":583,"is_range":81,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19c"]