Vulnerability-Lookup

CVE-2020-13936 (GCVE-0-2020-13936)

Vulnerability from cvelistv5 – Published: 2021-03-10 08:00 – Updated: 2025-02-13 16:27

Title

Velocity Sandbox Bypass

Summary

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Severity

No CVSS data available.

CWE

Velocity Sandbox Bypass

Assigner

apache

References

24 references

URL	Tags
https://lists.apache.org/thread.html/r01043f584cb…	x_refsource_MISC
https://lists.apache.org/thread.html/r01043f584cb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb042f3b0090…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/10/1	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3ea4c4c9085…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd2a89e17e8a…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re641197d204…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbee7270556f…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/reab5978b54a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd7e865c87f9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re8e7482fe54…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0bc98e9cd08…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r39de20c7e9c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r17cb932fab1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4cd59453b65…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7f209b83721…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r293284c6806…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf7d369de88d…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202107-52	vendor-advisoryx_refsource_GENTOO
https://lists.apache.org/thread.html/r9dc25056517…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r52a5129df40…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Velocity Engine	Affected: Apache Velocity Engine , ≤ 2.2 (custom)

Credits

This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
          },
          {
            "name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
          },
          {
            "name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
          },
          {
            "name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
          },
          {
            "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "GLSA-202107-52",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-52"
          },
          {
            "name": "[activemq-users] 20210830 Security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-users] 20210831 RE: Security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Velocity Engine",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "Apache Velocity Engine",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Velocity Sandbox Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-04T12:34:05.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
        },
        {
          "name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
        },
        {
          "name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
        },
        {
          "name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
        },
        {
          "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "GLSA-202107-52",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-52"
        },
        {
          "name": "[activemq-users] 20210830 Security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-users] 20210831 RE: Security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Velocity Sandbox Bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "Applications using Apache Velocity that allow untrusted users to upload templates should upgrade to version 2.3.  This version adds additional default restrictions on what methods/properties can be accessed in a template."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-13936",
          "STATE": "PUBLIC",
          "TITLE": "Velocity Sandbox Bypass"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Velocity Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache Velocity Engine",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Velocity Sandbox Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
            },
            {
              "name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3E"
            },
            {
              "name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
            },
            {
              "name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
            },
            {
              "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7@%3Ccommits.turbine.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "GLSA-202107-52",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-52"
            },
            {
              "name": "[activemq-users] 20210830 Security issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-users] 20210831 RE: Security issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Applications using Apache Velocity that allow untrusted users to upload templates should upgrade to version 2.3.  This version adds additional default restrictions on what methods/properties can be accessed in a template."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-13936",
    "datePublished": "2021-03-10T08:00:19.000Z",
    "dateReserved": "2020-06-08T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:29.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-13936",
      "date": "2026-05-31",
      "epss": "0.16764",
      "percentile": "0.9506"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-13936\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-03-10T08:15:14.103\",\"lastModified\":\"2024-11-21T05:02:11.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.\"},{\"lang\":\"es\",\"value\":\"Un atacante que es capaz de modificar las plantillas de Velocity puede ejecutar c\u00f3digo Java arbitrario o ejecutar comandos de sistema arbitrarios con los mismos privilegios que la cuenta que ejecuta el contenedor Servlet.\u0026#xa0;Esto se aplica a las aplicaciones que permiten a usuarios no confiables cargar y modificar plantillas de velocidad que ejecutan versiones de Apache Velocity Engine versiones hasta la 2.2\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:velocity_engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3\",\"matchCriteriaId\":\"DE517B12-7101-4325-9037-A0839126C725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:wss4j:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F17078E-4D83-49E7-99CE-5174C073DD68\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F834ACC-D65B-4CA3-91F1-415CBC6077E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"0445461D-21F4-4744-91E3-A92C673E947D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473749BD-267E-480F-8E7F-C762702DB66E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320D36DA-D99F-4149-B582-3F4AB2F41A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E502A46-BAF4-4558-BC8F-9F014A2FB26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C542DC5E-6657-4178-9C69-46FD3C187D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"6D0F559E-0790-461B-ACED-5B00F4D40893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4479F76A-4B67-41CC-98C7-C76B81050F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D45E2D-241B-4839-B255-A81107BF94BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD311C33-A309-44D5-BBFB-539D72C7F8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA6B655-A445-42E5-B6D9-70AB1C04774A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_office_cloud_service:16.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DEDDCE7-7763-4F8B-AB25-EC3D8899303A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_office_cloud_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45F95965-9958-4F05-819D-C59FAE2E1D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_office_cloud_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E4D2EE-7439-4958-9503-9A3974DC86D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_office_cloud_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F03331-16D3-440F-9577-D2A7835F7638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_office_cloud_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E6216CE-BB56-4996-B6C1-D461EEFD496E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B4C338-11E1-4235-9D5A-960B2711AC39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C93F84E-9680-44EF-8656-D27440B51698\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/10/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-52\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/10/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-52\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-1808

Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-07-18 22:00

Summary

Oracle Financial Services Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-28708

In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-28439

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-25194

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-24998

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-20863

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-20861

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-1436

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-1370

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-48285

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-46364

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-45693

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-45199

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-45143

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-45047

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-42890

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-42003

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-41966

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-41881

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-36033

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-33879

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-3171

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-31692

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-31129

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-2048

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-1471

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2021-37533

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2020-13936

Affected products

Known affected 26 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1`	—
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0`	—
Oracle Financial Services Applications 8.0.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7`	—
Oracle Financial Services Applications 14.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0`	—
Oracle Financial Services Applications 8.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2`	—
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	—
Oracle Financial Services Applications 14.6.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.3.0`	—
Oracle Financial Services Applications 14.7.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.1.0`	—
Oracle Financial Services Applications 14.6.0.4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.4.0`	—
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	—
Oracle Financial Services Applications 14.5.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.8.0`	—
Oracle Financial Services Applications 14.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6`	—
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	—
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	—
Oracle Financial Services Applications 18.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2.0.0.0`	—
Oracle Financial Services Applications 18.3.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3.0.0.0`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 14.7.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.1.0.0`	—
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	—
Oracle Financial Services Applications 14.7.0.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.2.0`	—
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.3`	—
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujul2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Financial Services ist eine Zusammenstellung  von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1808 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1808.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1808 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1808"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Financial Services Applications vom 2023-07-18",
        "url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixIFLX"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-07-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:51.752+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1808",
      "initial_release_date": "2023-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.0",
                  "product_id": "T018983",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications \u003c= 14.3",
                "product": {
                  "name": "Oracle Financial Services Applications \u003c= 14.3",
                  "product_id": "T019887",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1",
                  "product_id": "T019891",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.7",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7",
                  "product_id": "T021676",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8",
                  "product_id": "T021677",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.1",
                  "product_id": "T022835",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.1",
                  "product_id": "T022844",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.2",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.2",
                  "product_id": "T024990",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications \u003c= 14.7",
                "product": {
                  "name": "Oracle Financial Services Applications \u003c= 14.7",
                  "product_id": "T027348",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.4",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.4",
                  "product_id": "T027351",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.6",
                "product": {
                  "name": "Oracle Financial Services Applications 14.6",
                  "product_id": "T027355",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 18.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 18.2.0.0.0",
                  "product_id": "T028691",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:18.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 18.3.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 18.3.0.0.0",
                  "product_id": "T028692",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:18.3.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 19.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 19.1.0.0.0",
                  "product_id": "T028693",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:19.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 19.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 19.2.0.0.0",
                  "product_id": "T028694",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:19.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 21.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 21.1.0.0.0",
                  "product_id": "T028695",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 22.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 22.1.0.0.0",
                  "product_id": "T028696",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 22.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 22.2.0.0.0",
                  "product_id": "T028697",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.7.0.2.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0.2.0",
                  "product_id": "T028698",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.2.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.7.1.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.1.0.0",
                  "product_id": "T028699",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.5.0.8.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.5.0.8.0",
                  "product_id": "T028700",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.5.0.8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.6.0.4.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.6.0.4.0",
                  "product_id": "T028701",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.7.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0.0.0",
                  "product_id": "T028702",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.6.0.3.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.6.0.3.0",
                  "product_id": "T028703",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.7.0.1.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0.1.0",
                  "product_id": "T028704",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2",
                  "product_id": "T028705",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.5",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.5",
                  "product_id": "T028706",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 14.7.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0",
                  "product_id": "T028707",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Services Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-28439",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28439"
    },
    {
      "cve": "CVE-2023-25194",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-25194"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-20861",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2022-48285",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-48285"
    },
    {
      "cve": "CVE-2022-46364",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-46364"
    },
    {
      "cve": "CVE-2022-45693",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-45693"
    },
    {
      "cve": "CVE-2022-45199",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-45199"
    },
    {
      "cve": "CVE-2022-45143",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-45143"
    },
    {
      "cve": "CVE-2022-45047",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-45047"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-36033",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-33879",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-33879"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-31692",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-31692"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-2048",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-2048"
    },
    {
      "cve": "CVE-2022-1471",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2020-13936",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T019891",
          "T021677",
          "T022844",
          "T018983",
          "T021676",
          "T028707",
          "T028705",
          "T028706",
          "T028703",
          "T028704",
          "T028701",
          "T028702",
          "T028700",
          "T027355",
          "T028693",
          "T028694",
          "T028691",
          "T028692",
          "T022835",
          "T028699",
          "T028697",
          "T028698",
          "T028695",
          "T024990",
          "T028696"
        ],
        "last_affected": [
          "T019887",
          "T027348"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    }
  ]
}

WID-SEC-W-2023-2700

Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-12-12 23:00

Summary

Atlassian Confluence: Mehrere Schwachstellen

Severity

Kritisch

Notes

Produktbeschreibung: Confluence ist eine kommerzielle Wiki-Software. Jira ist eine Webanwendung zur Softwareentwicklung. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-28709

In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen. Für die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-25194

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-22515

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-22514

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-1370

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-45688

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-45685

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42004

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42003

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-41906

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-40152

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-3509

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-3171

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-25647

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-46877

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-31684

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-22569

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2020-36518

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2020-13936

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2019-13990

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Confluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nBamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2700 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2700.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2700 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2700"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Update vom 2023-10-17",
        "url": "https://confluence.atlassian.com/security/security-bulletin-october-17-2023-1299929380.html"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
        "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Confluence: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:13.228+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2700",
      "initial_release_date": "2023-10-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.2.7",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.2.7",
                  "product_id": "1529586",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server",
                  "product_id": "T030667",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.5_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server",
                  "product_id": "T030668",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.1_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server",
                  "product_id": "T030669",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.3_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.5",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.5",
                  "product_id": "T031324",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server",
                  "product_id": "T030666",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.13.1_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 7.21.18",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 7.21.18",
                  "product_id": "T031325",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.9.7",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.9.7",
                  "product_id": "T031614",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.11.6",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.11.6",
                  "product_id": "T031615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.12.4",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.12.4",
                  "product_id": "T031616",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.13.3",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.13.3",
                  "product_id": "T031617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.14.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.14.2",
                  "product_id": "T031618",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center",
                  "product_id": "T030660",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.3.3_server_and_data_center"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center",
                  "product_id": "T030662",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.2_server_and_data_center"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center",
                  "product_id": "T030663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.4.3_server_and_data_center"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.3.4",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.3.4",
                  "product_id": "T030846",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.3.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 7.19.17",
                "product": {
                  "name": "Atlassian Confluence \u003c 7.19.17",
                  "product_id": "T031609",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:7.19.17"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.4.5",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.4.5",
                  "product_id": "T031610",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.4.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.5.4",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.5.4",
                  "product_id": "T031611",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.6.2",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.6.2",
                  "product_id": "T031612",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.7.1",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.7.1",
                  "product_id": "T031613",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server",
                "product": {
                  "name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server",
                  "product_id": "T030664",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:4.20.27_service_management_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server",
                "product": {
                  "name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server",
                  "product_id": "T030665",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:5.4.11_service_management_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 9.4.13",
                "product": {
                  "name": "Atlassian Jira Software \u003c 9.4.13",
                  "product_id": "T031606",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:9.4.13"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software Service Management \u003c 4.20.28",
                "product": {
                  "name": "Atlassian Jira Software Service Management \u003c 4.20.28",
                  "product_id": "T031607",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software Service Management \u003c 5.4.12",
                "product": {
                  "name": "Atlassian Jira Software Service Management \u003c 5.4.12",
                  "product_id": "T031608",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira Software"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28709",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-28709"
    },
    {
      "cve": "CVE-2023-25194",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-25194"
    },
    {
      "cve": "CVE-2023-22515",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22515"
    },
    {
      "cve": "CVE-2023-22514",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22514"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45685",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45685"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41906",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-41906"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-3509",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2021-46877",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-46877"
    },
    {
      "cve": "CVE-2021-31684",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-31684"
    },
    {
      "cve": "CVE-2021-22569",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-13936",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2019-13990",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2019-13990"
    }
  ]
}

WID-SEC-W-2025-0818

Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2020-13936

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2020-25649

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-26464

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-11053

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-11612

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-25710

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-28168

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-29857

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-38476

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-40896

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-47072

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-47554

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-47561

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-50602

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-52046

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-56337

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-7254

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-9143

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-23184

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-24970

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-27363

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0818 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0818.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0818 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0818"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Fusion Middleware vom 2025-04-15",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixFMW"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-16T09:16:22.604+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0818",
      "initial_release_date": "2025-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.7",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.7",
                  "product_id": "T034057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.2.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.2.0.0",
                  "product_id": "T040467",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13936",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2020-25649",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2023-26464",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-26464"
    },
    {
      "cve": "CVE-2024-11053",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-11053"
    },
    {
      "cve": "CVE-2024-11612",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-11612"
    },
    {
      "cve": "CVE-2024-25710",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-28168",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28168"
    },
    {
      "cve": "CVE-2024-29857",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-29857"
    },
    {
      "cve": "CVE-2024-38476",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38476"
    },
    {
      "cve": "CVE-2024-40896",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-40896"
    },
    {
      "cve": "CVE-2024-47072",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47072"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-47561",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2024-50602",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-50602"
    },
    {
      "cve": "CVE-2024-52046",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-52046"
    },
    {
      "cve": "CVE-2024-56337",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-9143",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-27363",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-27363"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-13936 (GCVE-0-2020-13936)

WID-SEC-W-2023-1808

WID-SEC-W-2023-2700

WID-SEC-W-2025-0818

Tags

Sightings

Nomenclature