Vulnerability-Lookup

CVE-2022-42920 (GCVE-0-2022-42920)

Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2024-08-03 13:19

Title

Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing

Summary

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Severity

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write

Assigner

apache

References

6 references

URL	Tags
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm…
http://www.openwall.com/lists/oss-security/2022/11/07/2	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202401-25	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Commons BCEL	Affected: Apache Commons BCEL , < 6.6.0 (custom)

Credits

Reported by Felix Wilhelm (Google); GitHub pull request to Apache Commons BCEL #147 by Richard Atkins (https://github.com/rjatkins); PR derived from OpenJDK (https://github.com/openjdk/jdk11u/) commit 13bf52c8d876528a43be7cb77a1f452d29a21492 by Aleksei Voitylov and RealCLanger (Christoph Langer https://github.com/RealCLanger)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
          },
          {
            "name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
          },
          {
            "name": "FEDORA-2022-01a56f581c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4/"
          },
          {
            "name": "FEDORA-2022-0e358addb8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/"
          },
          {
            "name": "FEDORA-2022-f60a52e054",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD/"
          },
          {
            "name": "GLSA-202401-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Commons BCEL",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "6.6.0",
              "status": "affected",
              "version": "Apache Commons BCEL",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Felix Wilhelm (Google); GitHub pull request to Apache Commons BCEL #147 by Richard Atkins (https://github.com/rjatkins); PR derived from OpenJDK (https://github.com/openjdk/jdk11u/) commit 13bf52c8d876528a43be7cb77a1f452d29a21492 by Aleksei Voitylov and RealCLanger (Christoph Langer https://github.com/RealCLanger)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-17T15:06:37.552Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
        },
        {
          "name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
        },
        {
          "name": "FEDORA-2022-01a56f581c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4/"
        },
        {
          "name": "FEDORA-2022-0e358addb8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/"
        },
        {
          "name": "FEDORA-2022-f60a52e054",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD/"
        },
        {
          "name": "GLSA-202401-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-25"
        }
      ],
      "source": {
        "defect": [
          "BCEL-363"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-42920",
    "datePublished": "2022-11-07T00:00:00.000Z",
    "dateReserved": "2022-10-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T13:19:05.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-42920",
      "date": "2026-05-30",
      "epss": "0.03797",
      "percentile": "0.88281"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-42920\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-11-07T13:15:10.270\",\"lastModified\":\"2024-11-21T07:25:35.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.\"},{\"lang\":\"es\",\"value\":\"Apache Commons BCEL tiene una serie de API que normalmente solo permitir\u00edan cambiar caracter\u00edsticas de clase espec\u00edficas. Sin embargo, debido a un problema de escritura fuera de l\u00edmites, estas API se pueden utilizar para producir c\u00f3digo de bytes arbitrario. Se podr\u00eda abusar de esto en aplicaciones que pasan datos controlables por el atacante a esas API, lo que le da al atacante m\u00e1s control sobre el c\u00f3digo de bytes resultante del que se esperar\u00eda. Actualizaci\u00f3n a Apache Commons BCEL 6.6.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_bcel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.6.0\",\"matchCriteriaId\":\"4EDE5588-DA3A-40CD-8AD3-D35652C1FD2D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/07/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202401-25\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/07/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LX3HEB4TV2BVCGDTK5BCLSYOZNQTOBN4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAMRHAKGIKZNHRBB4VLYTOIOIMMXCUCD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMVX6COVXZVS5GPWDODIRW6Z2GE7RPAQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202401-25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2023:4983

Vulnerability from csaf_redhat - Published: 2023-09-05 18:37 - Updated: 2026-05-14 22:33

Summary

Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Security Fixes: * apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) * mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883) * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860) * loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599) * protobuf-java: timeout in parser leads to DoS (CVE-2022-3171) * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) * woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152) * RESTEasy: creation of insecure temp files (CVE-2023-0482) * sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-3143

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3509

A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-3510

A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4492

A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-550 - Server-generated Error Message Containing Sensitive Information

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-25857

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-37599

A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-38900

A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-40152

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41854

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42920

An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-0482

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-378 - Creation of Temporary File With Insecure Permissions

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-20860

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-155 - Improper Neutralization of Wildcards or Matching Symbols

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-20861

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-20883

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-24998

A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
RHPAM 7.13.4 async Red Hat / Red Hat Process Automation Manager	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

References

100 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:4983	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1981527	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134291	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134872	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137645	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://bugzilla.redhat.com/show_bug.cgi?id=2166004	external
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://bugzilla.redhat.com/show_bug.cgi?id=2180528	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209342	external
https://issues.redhat.com/browse/RHPAM-4639	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-30129	self
https://bugzilla.redhat.com/show_bug.cgi?id=1981527	external
https://www.cve.org/CVERecord?id=CVE-2021-30129	external
https://nvd.nist.gov/vuln/detail/CVE-2021-30129	external
https://access.redhat.com/security/cve/CVE-2022-3143	self
https://bugzilla.redhat.com/show_bug.cgi?id=2124682	external
https://www.cve.org/CVERecord?id=CVE-2022-3143	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3143	external
https://access.redhat.com/security/cve/CVE-2022-3171	self
https://bugzilla.redhat.com/show_bug.cgi?id=2137645	external
https://www.cve.org/CVERecord?id=CVE-2022-3171	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3171	external
https://github.com/protocolbuffers/protobuf/secur…	external
https://access.redhat.com/security/cve/CVE-2022-3509	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184161	external
https://www.cve.org/CVERecord?id=CVE-2022-3509	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3509	external
https://access.redhat.com/security/cve/CVE-2022-3510	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184176	external
https://www.cve.org/CVERecord?id=CVE-2022-3510	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3510	external
https://access.redhat.com/security/cve/CVE-2022-4492	self
https://bugzilla.redhat.com/show_bug.cgi?id=2153260	external
https://www.cve.org/CVERecord?id=CVE-2022-4492	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4492	external
https://access.redhat.com/security/cve/CVE-2022-25857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://www.cve.org/CVERecord?id=CVE-2022-25857	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25857	external
https://bitbucket.org/snakeyaml/snakeyaml/issues/525	external
https://access.redhat.com/security/cve/CVE-2022-37599	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134872	external
https://www.cve.org/CVERecord?id=CVE-2022-37599	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37599	external
https://github.com/advisories/GHSA-hhq3-ff78-jv3g	external
https://github.com/webpack/loader-utils/issues/211	external
https://access.redhat.com/security/cve/CVE-2022-38900	self
https://bugzilla.redhat.com/show_bug.cgi?id=2170644	external
https://www.cve.org/CVERecord?id=CVE-2022-38900	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38900	external
https://github.com/SamVerschueren/decode-uri-comp…	external
https://github.com/advisories/GHSA-w573-4hg7-7wgq	external
https://access.redhat.com/security/cve/CVE-2022-40152	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134291	external
https://www.cve.org/CVERecord?id=CVE-2022-40152	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40152	external
https://github.com/advisories/GHSA-3f7h-mf4q-vrm4	external
https://access.redhat.com/security/cve/CVE-2022-41854	self
https://bugzilla.redhat.com/show_bug.cgi?id=2151988	external
https://www.cve.org/CVERecord?id=CVE-2022-41854	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41854	external
https://bitbucket.org/snakeyaml/snakeyaml/issues/…	external
https://bugs.chromium.org/p/oss-fuzz/issues/detai…	external
https://access.redhat.com/security/cve/CVE-2022-42920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://www.cve.org/CVERecord?id=CVE-2022-42920	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42920	external
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm…	external
https://access.redhat.com/security/cve/CVE-2022-45047	self
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://www.cve.org/CVERecord?id=CVE-2022-45047	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45047	external
https://www.mail-archive.com/dev@mina.apache.org/…	external
https://access.redhat.com/security/cve/CVE-2023-0482	self
https://bugzilla.redhat.com/show_bug.cgi?id=2166004	external
https://www.cve.org/CVERecord?id=CVE-2023-0482	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0482	external
https://access.redhat.com/security/cve/CVE-2023-20860	self
https://bugzilla.redhat.com/show_bug.cgi?id=2180528	external
https://www.cve.org/CVERecord?id=CVE-2023-20860	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20860	external
https://spring.io/blog/2023/03/20/spring-framewor…	external
https://access.redhat.com/security/cve/CVE-2023-20861	self
https://bugzilla.redhat.com/show_bug.cgi?id=2180530	external
https://www.cve.org/CVERecord?id=CVE-2023-20861	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20861	external
https://access.redhat.com/security/cve/CVE-2023-20883	self
https://bugzilla.redhat.com/show_bug.cgi?id=2209342	external
https://www.cve.org/CVERecord?id=CVE-2023-20883	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20883	external
https://access.redhat.com/security/cve/CVE-2023-24998	self
https://bugzilla.redhat.com/show_bug.cgi?id=2172298	external
https://www.cve.org/CVERecord?id=CVE-2023-24998	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24998	external
https://commons.apache.org/proper/commons-fileupl…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:4983",
        "url": "https://access.redhat.com/errata/RHSA-2023:4983"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1981527",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
      },
      {
        "category": "external",
        "summary": "2126789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
      },
      {
        "category": "external",
        "summary": "2134291",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
      },
      {
        "category": "external",
        "summary": "2134872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
      },
      {
        "category": "external",
        "summary": "2137645",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
      },
      {
        "category": "external",
        "summary": "2142707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
      },
      {
        "category": "external",
        "summary": "2145194",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
      },
      {
        "category": "external",
        "summary": "2166004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
      },
      {
        "category": "external",
        "summary": "2170644",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
      },
      {
        "category": "external",
        "summary": "2180528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
      },
      {
        "category": "external",
        "summary": "2209342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
      },
      {
        "category": "external",
        "summary": "RHPAM-4639",
        "url": "https://issues.redhat.com/browse/RHPAM-4639"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:33:03+00:00",
      "generator": {
        "date": "2026-05-14T22:33:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2023:4983",
      "initial_release_date": "2023-09-05T18:37:03+00:00",
      "revision_history": [
        {
          "date": "2023-09-05T18:37:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-09-05T18:37:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:33:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHPAM 7.13.4 async",
                "product": {
                  "name": "RHPAM 7.13.4 async",
                  "product_id": "RHPAM 7.13.4 async",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Process Automation Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-30129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1981527"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-30129"
        },
        {
          "category": "external",
          "summary": "RHBZ#1981527",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
        }
      ],
      "release_date": "2021-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
    },
    {
      "cve": "CVE-2022-3143",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2022-09-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2124682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3143"
        },
        {
          "category": "external",
          "summary": "RHBZ#2124682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
        }
      ],
      "release_date": "2022-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
    },
    {
      "cve": "CVE-2022-3171",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2137645"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobuf-java: timeout in parser leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3171"
        },
        {
          "category": "external",
          "summary": "RHBZ#2137645",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
        },
        {
          "category": "external",
          "summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
          "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
        }
      ],
      "release_date": "2022-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "protobuf-java: timeout in parser leads to DoS"
    },
    {
      "cve": "CVE-2022-3509",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2022-12-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184161"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobuf-java: Textformat parsing issue leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3509"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184161",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184161"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
        }
      ],
      "release_date": "2022-12-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "protobuf-java: Textformat parsing issue leads to DoS"
    },
    {
      "cve": "CVE-2022-3510",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2022-12-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184176"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobuf-java: Message-Type Extensions parsing issue leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184176",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184176"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
        }
      ],
      "release_date": "2022-12-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "protobuf-java: Message-Type Extensions parsing issue leads to DoS"
    },
    {
      "cve": "CVE-2022-4492",
      "cwe": {
        "id": "CWE-550",
        "name": "Server-generated Error Message Containing Sensitive Information"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153260"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: Server identity in https connection is not checked by the undertow client",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4492"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153260",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
        }
      ],
      "release_date": "2022-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: Server identity in https connection is not checked by the undertow client"
    },
    {
      "cve": "CVE-2022-25857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-09-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2126789"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2126789",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
        }
      ],
      "release_date": "2022-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
    },
    {
      "cve": "CVE-2022-37599",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134872"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: regular expression denial of service in interpolateName.js",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37599"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134872",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/loader-utils/issues/211",
          "url": "https://github.com/webpack/loader-utils/issues/211"
        }
      ],
      "release_date": "2022-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: regular expression denial of service in interpolateName.js"
    },
    {
      "cve": "CVE-2022-38900",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2170644"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "decode-uri-component: improper input validation resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "RHBZ#2170644",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
        },
        {
          "category": "external",
          "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
          "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
          "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
        }
      ],
      "release_date": "2022-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "decode-uri-component: improper input validation resulting in DoS"
    },
    {
      "cve": "CVE-2022-40152",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134291"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40152"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134291",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
          "url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
        }
      ],
      "release_date": "2022-09-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
    },
    {
      "cve": "CVE-2022-41854",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2151988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dev-java/snakeyaml: DoS via stack overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "RHBZ#2151988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
        }
      ],
      "release_date": "2022-11-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dev-java/snakeyaml: DoS via stack overflow"
    },
    {
      "cve": "CVE-2022-42920",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2142707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2142707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
          "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
    },
    {
      "cve": "CVE-2022-45047",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2145194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd: Java unsafe deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2145194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
          "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
        }
      ],
      "release_date": "2022-11-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        },
        {
          "category": "workaround",
          "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mina-sshd: Java unsafe deserialization vulnerability"
    },
    {
      "cve": "CVE-2023-0482",
      "cwe": {
        "id": "CWE-378",
        "name": "Creation of Temporary File With Insecure Permissions"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2166004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RESTEasy: creation of insecure temp files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0482"
        },
        {
          "category": "external",
          "summary": "RHBZ#2166004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "RESTEasy: creation of insecure temp files"
    },
    {
      "cve": "CVE-2023-20860",
      "cwe": {
        "id": "CWE-155",
        "name": "Improper Neutralization of Wildcards or Matching Symbols"
      },
      "discovery_date": "2023-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2180528"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20860"
        },
        {
          "category": "external",
          "summary": "RHBZ#2180528",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
        },
        {
          "category": "external",
          "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
          "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
        }
      ],
      "release_date": "2023-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
    },
    {
      "cve": "CVE-2023-20861",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2180530"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: Spring Expression DoS Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20861"
        },
        {
          "category": "external",
          "summary": "RHBZ#2180530",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
        },
        {
          "category": "external",
          "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
          "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
        }
      ],
      "release_date": "2023-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "springframework: Spring Expression DoS Vulnerability"
    },
    {
      "cve": "CVE-2023-20883",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2209342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20883"
        },
        {
          "category": "external",
          "summary": "RHBZ#2209342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
        }
      ],
      "release_date": "2023-05-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
    },
    {
      "cve": "CVE-2023-24998",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2172298"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "FileUpload: FileUpload DoS with excessive parts",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.13.4 async"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24998"
        },
        {
          "category": "external",
          "summary": "RHBZ#2172298",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
        },
        {
          "category": "external",
          "summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
          "url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
        }
      ],
      "release_date": "2023-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-05T18:37:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "RHPAM 7.13.4 async"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4983"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.13.4 async"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "FileUpload: FileUpload DoS with excessive parts"
    }
  ]
}

RHSA-2024:3527

Vulnerability from csaf_redhat - Published: 2024-05-30 20:24 - Updated: 2026-05-16 16:46

Summary

Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update

Severity

Moderate

Notes

Topic: Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.7.0 serves as a replacement for Red Hat AMQ Streams 2.6.0, and includes security and bug fixes, and enhancements. Security Fix(es): * lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520) * zstd: Race condition allows attacker to access world-readable destination file (CVE-2021-24032) * RocksDB: zstd: mysql: buffer overrun in util.c (CVE-2022-4899) * netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025) * commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710) * apache-commons-text: variable interpolation RCE (CVE-2022-42889) * snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact (CVE-2023-43642) * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370) * protobuf-java: timeout in parser leads to DoS (CVE-2022-3171) * Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class (CVE-2023-33202) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074) * guava: insecure temporary directory creation (CVE-2023-2976) * io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) * io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023) * quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)

CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-24032

A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-281 - Improper Preservation of Permissions

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-3171

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4899

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42889

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Critical

CVE-2022-42920

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-1370

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-2976

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-33201

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33202

A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-43642

A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-51074

A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-121 - Stack-based Buffer Overflow

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-1300

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-2700

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-526 - Cleartext Storage of Sensitive Information in an Environment Variable

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25710

A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-29025

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.7.0 Red Hat / Streams for Apache Kafka	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

116 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3527	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1928090	external
https://bugzilla.redhat.com/show_bug.cgi?id=1954559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135435	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137645	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2179864	external
https://bugzilla.redhat.com/show_bug.cgi?id=2188542	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2241722	external
https://bugzilla.redhat.com/show_bug.cgi?id=2251281	external
https://bugzilla.redhat.com/show_bug.cgi?id=2256063	external
https://bugzilla.redhat.com/show_bug.cgi?id=2260840	external
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	external
https://bugzilla.redhat.com/show_bug.cgi?id=2264988	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272907	external
https://bugzilla.redhat.com/show_bug.cgi?id=2273281	external
https://issues.redhat.com/browse/ENTMQST-5619	external
https://issues.redhat.com/browse/ENTMQST-5881	external
https://issues.redhat.com/browse/ENTMQST-5882	external
https://issues.redhat.com/browse/ENTMQST-5883	external
https://issues.redhat.com/browse/ENTMQST-5884	external
https://issues.redhat.com/browse/ENTMQST-5885	external
https://issues.redhat.com/browse/ENTMQST-5886	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-3520	self
https://bugzilla.redhat.com/show_bug.cgi?id=1954559	external
https://www.cve.org/CVERecord?id=CVE-2021-3520	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3520	external
https://access.redhat.com/security/cve/CVE-2021-24032	self
https://bugzilla.redhat.com/show_bug.cgi?id=1928090	external
https://www.cve.org/CVERecord?id=CVE-2021-24032	external
https://nvd.nist.gov/vuln/detail/CVE-2021-24032	external
https://access.redhat.com/security/cve/CVE-2022-3171	self
https://bugzilla.redhat.com/show_bug.cgi?id=2137645	external
https://www.cve.org/CVERecord?id=CVE-2022-3171	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3171	external
https://github.com/protocolbuffers/protobuf/secur…	external
https://access.redhat.com/security/cve/CVE-2022-4899	self
https://bugzilla.redhat.com/show_bug.cgi?id=2179864	external
https://www.cve.org/CVERecord?id=CVE-2022-4899	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4899	external
https://access.redhat.com/security/cve/CVE-2022-42889	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135435	external
https://www.cve.org/CVERecord?id=CVE-2022-42889	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42889	external
https://blogs.apache.org/security/entry/cve-2022-42889	external
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14…	external
https://seclists.org/oss-sec/2022/q4/22	external
https://access.redhat.com/security/cve/CVE-2022-42920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://www.cve.org/CVERecord?id=CVE-2022-42920	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42920	external
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm…	external
https://access.redhat.com/security/cve/CVE-2023-1370	self
https://bugzilla.redhat.com/show_bug.cgi?id=2188542	external
https://www.cve.org/CVERecord?id=CVE-2023-1370	external
https://nvd.nist.gov/vuln/detail/CVE-2023-1370	external
https://github.com/advisories/GHSA-493p-pfq6-5258	external
https://research.jfrog.com/vulnerabilities/stack-…	external
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-33202	self
https://bugzilla.redhat.com/show_bug.cgi?id=2251281	external
https://www.cve.org/CVERecord?id=CVE-2023-33202	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33202	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33202	external
https://access.redhat.com/security/cve/CVE-2023-43642	self
https://bugzilla.redhat.com/show_bug.cgi?id=2241722	external
https://www.cve.org/CVERecord?id=CVE-2023-43642	external
https://nvd.nist.gov/vuln/detail/CVE-2023-43642	external
https://github.com/xerial/snappy-java/security/ad…	external
https://access.redhat.com/security/cve/CVE-2023-51074	self
https://bugzilla.redhat.com/show_bug.cgi?id=2256063	external
https://www.cve.org/CVERecord?id=CVE-2023-51074	external
https://nvd.nist.gov/vuln/detail/CVE-2023-51074	external
https://github.com/json-path/JsonPath/issues/973	external
https://access.redhat.com/security/cve/CVE-2024-1023	self
https://bugzilla.redhat.com/show_bug.cgi?id=2260840	external
https://www.cve.org/CVERecord?id=CVE-2024-1023	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1023	external
https://github.com/eclipse-vertx/vert.x/issues/5078	external
https://github.com/eclipse-vertx/vert.x/pull/5080	external
https://github.com/eclipse-vertx/vert.x/pull/5082	external
https://access.redhat.com/security/cve/CVE-2024-1300	self
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	external
https://www.cve.org/CVERecord?id=CVE-2024-1300	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1300	external
https://vertx.io/docs/vertx-core/java/#_server_na…	external
https://access.redhat.com/security/cve/CVE-2024-2700	self
https://bugzilla.redhat.com/show_bug.cgi?id=2273281	external
https://www.cve.org/CVERecord?id=CVE-2024-2700	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2700	external
https://access.redhat.com/security/cve/CVE-2024-25710	self
https://bugzilla.redhat.com/show_bug.cgi?id=2264988	external
https://www.cve.org/CVERecord?id=CVE-2024-25710	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25710	external
http://www.openwall.com/lists/oss-security/2024/02/19/1	external
https://lists.apache.org/thread/cz8qkcwphy4cx8glt…	external
https://access.redhat.com/security/cve/CVE-2024-29025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272907	external
https://www.cve.org/CVERecord?id=CVE-2024-29025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29025	external
https://gist.github.com/vietj/f558b8ea81ec6505f1e…	external
https://github.com/netty/netty/commit/0d0c6ed782d…	external
https://github.com/netty/netty/security/advisorie…	external
https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.7.0 serves as a replacement for Red Hat AMQ Streams 2.6.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* lz4: memory corruption due to an integer overflow bug caused by memmove argument  (CVE-2021-3520)\n* zstd: Race condition allows attacker to access world-readable destination file (CVE-2021-24032)\n* RocksDB: zstd: mysql: buffer overrun in util.c  (CVE-2022-4899)\n* netty-codec-http: Allocation of Resources Without Limits or Throttling  (CVE-2024-29025)\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n* snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact  (CVE-2023-43642)\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)  (CVE-2023-1370)\n*  protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing  (CVE-2022-42920)\n* bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class  (CVE-2023-33202)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate  (CVE-2023-33201)\n* json-path: stack-based buffer overflow in Criteria.parse method  (CVE-2023-51074)\n* guava: insecure temporary directory creation  (CVE-2023-2976)\n* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n* quarkus-core: Leak of local configuration properties into Quarkus applications  (CVE-2024-2700)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3527",
        "url": "https://access.redhat.com/errata/RHSA-2024:3527"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1928090",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928090"
      },
      {
        "category": "external",
        "summary": "1954559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
      },
      {
        "category": "external",
        "summary": "2135435",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
      },
      {
        "category": "external",
        "summary": "2137645",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
      },
      {
        "category": "external",
        "summary": "2142707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
      },
      {
        "category": "external",
        "summary": "2179864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
      },
      {
        "category": "external",
        "summary": "2188542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2241722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241722"
      },
      {
        "category": "external",
        "summary": "2251281",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281"
      },
      {
        "category": "external",
        "summary": "2256063",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
      },
      {
        "category": "external",
        "summary": "2260840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
      },
      {
        "category": "external",
        "summary": "2263139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
      },
      {
        "category": "external",
        "summary": "2264988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
      },
      {
        "category": "external",
        "summary": "2272907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
      },
      {
        "category": "external",
        "summary": "2273281",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5619",
        "url": "https://issues.redhat.com/browse/ENTMQST-5619"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5881",
        "url": "https://issues.redhat.com/browse/ENTMQST-5881"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5882",
        "url": "https://issues.redhat.com/browse/ENTMQST-5882"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5883",
        "url": "https://issues.redhat.com/browse/ENTMQST-5883"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5884",
        "url": "https://issues.redhat.com/browse/ENTMQST-5884"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5885",
        "url": "https://issues.redhat.com/browse/ENTMQST-5885"
      },
      {
        "category": "external",
        "summary": "ENTMQST-5886",
        "url": "https://issues.redhat.com/browse/ENTMQST-5886"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3527.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update",
    "tracking": {
      "current_release_date": "2026-05-16T16:46:38+00:00",
      "generator": {
        "date": "2026-05-16T16:46:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2024:3527",
      "initial_release_date": "2024-05-30T20:24:46+00:00",
      "revision_history": [
        {
          "date": "2024-05-30T20:24:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-25T17:26:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-16T16:46:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Streams 2.7.0",
                "product": {
                  "name": "Red Hat AMQ Streams 2.7.0",
                  "product_id": "Red Hat AMQ Streams 2.7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_streams:2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Streams for Apache Kafka"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3520",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2021-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1954559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3520"
        },
        {
          "category": "external",
          "summary": "RHBZ#1954559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520"
        }
      ],
      "release_date": "2021-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument"
    },
    {
      "cve": "CVE-2021-24032",
      "cwe": {
        "id": "CWE-281",
        "name": "Improper Preservation of Permissions"
      },
      "discovery_date": "2021-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1928090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zstd: Race condition allows attacker to access world-readable destination file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.\n\nThis vulnerability can be considered low severity rather than moderate due to the fact that the elevated file permissions are only temporary and only exist during the compression or decompression process. Once the operation completes, the file permissions revert to their intended state, mirroring those of the input file. The risk is further minimized by the fact that the exposure window is brief, and the elevated permissions are not persistent. Additionally, the issue only arises during the processing of files, and only those with larger sizes or more involved operations would be at risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-24032"
        },
        {
          "category": "external",
          "summary": "RHBZ#1928090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-24032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-24032"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24032"
        }
      ],
      "release_date": "2021-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "zstd: Race condition allows attacker to access world-readable destination file"
    },
    {
      "cve": "CVE-2022-3171",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2137645"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobuf-java: timeout in parser leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3171"
        },
        {
          "category": "external",
          "summary": "RHBZ#2137645",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
        },
        {
          "category": "external",
          "summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
          "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
        }
      ],
      "release_date": "2022-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "protobuf-java: timeout in parser leads to DoS"
    },
    {
      "cve": "CVE-2022-4899",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2179864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zstd: mysql: buffer overrun in util.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in the zstd command-line utility is rated as Moderate Severity because it involves an Incorrect Calculation of Buffer Size (CWE-400) within the mallocAndJoin2Dir function in programs/util.c. A remote attacker can exploit this flaw by providing an input, specifically an empty string, which causes a function boundary error and results in a heap-based Out-of-Bounds Read on memory. This ultimately leads to a program crash, causing a Denial of Service condition that is limited to the specific zstd process or service instance, rather than affecting the entire host system\u0027s stability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4899"
        },
        {
          "category": "external",
          "summary": "RHBZ#2179864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4899"
        }
      ],
      "release_date": "2022-07-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "zstd: mysql: buffer overrun in util.c"
    },
    {
      "cve": "CVE-2022-42889",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2022-10-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135435"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9.  The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-commons-text: variable interpolation RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n  - Usage of specific methods that interpolate the variables as described in the flaw\n  - Usage of external input for those methods\n  - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42889"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135435",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
        },
        {
          "category": "external",
          "summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
          "url": "https://blogs.apache.org/security/entry/cve-2022-42889"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
          "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
        },
        {
          "category": "external",
          "summary": "https://seclists.org/oss-sec/2022/q4/22",
          "url": "https://seclists.org/oss-sec/2022/q4/22"
        }
      ],
      "release_date": "2022-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "apache-commons-text: variable interpolation RCE"
    },
    {
      "cve": "CVE-2022-42920",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2142707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2142707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
          "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
    },
    {
      "cve": "CVE-2023-1370",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2023-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2188542"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-1370"
        },
        {
          "category": "external",
          "summary": "RHBZ#2188542",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
          "url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
        },
        {
          "category": "external",
          "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
          "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
        }
      ],
      "release_date": "2023-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
    },
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-33202",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2251281"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle for the Java pkix module, which is vulnerable to a potential Denial of Service (DoS) issue within the org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33202"
        },
        {
          "category": "external",
          "summary": "RHBZ#2251281",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251281"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33202",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33202"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202"
        }
      ],
      "release_date": "2023-11-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class"
    },
    {
      "cve": "CVE-2023-43642",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2241722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-43642"
        },
        {
          "category": "external",
          "summary": "RHBZ#2241722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-43642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
        },
        {
          "category": "external",
          "summary": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
          "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
        }
      ],
      "release_date": "2023-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact"
    },
    {
      "cve": "CVE-2023-51074",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2023-12-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256063"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json-path: stack-based buffer overflow in Criteria.parse method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this at maximum of a Moderate impact. When interacting with a server to explore this possible vulnerability, the attacker would be the only one seeing a HTTP 500 error and no other user (or the server entirely) would be vulnerable in a real application scenario with multi-threads.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-51074"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256063",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51074",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074"
        },
        {
          "category": "external",
          "summary": "https://github.com/json-path/JsonPath/issues/973",
          "url": "https://github.com/json-path/JsonPath/issues/973"
        }
      ],
      "release_date": "2023-12-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json-path: stack-based buffer overflow in Criteria.parse method"
    },
    {
      "cve": "CVE-2024-1023",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2024-01-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2260840"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "RHBZ#2260840",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
          "url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
        }
      ],
      "release_date": "2024-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
    },
    {
      "cve": "CVE-2024-1300",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2024-02-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2263139"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This affects only TLS servers with SNI enabled.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "RHBZ#2263139",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
          "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
        }
      ],
      "release_date": "2024-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
    },
    {
      "cve": "CVE-2024-2700",
      "cwe": {
        "id": "CWE-526",
        "name": "Cleartext Storage of Sensitive Information in an Environment Variable"
      },
      "discovery_date": "2024-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2273281"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "quarkus-core: Leak of local configuration properties into Quarkus applications",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2700"
        },
        {
          "category": "external",
          "summary": "RHBZ#2273281",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2700"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "quarkus-core: Leak of local configuration properties into Quarkus applications"
    },
    {
      "cve": "CVE-2024-25710",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2024-02-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
          "url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
          "url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this vulnerability.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-04-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.7.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
          "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
          "url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
        }
      ],
      "release_date": "2024-03-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-30T20:24:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.7.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
    }
  ]
}

SUSE-SU-2022:4306-1

Vulnerability from csaf_suse - Published: 2022-12-01 08:27 - Updated: 2022-12-01 08:27

Summary

Security update for bcel

Severity

Moderate

Notes

Title of the patch: Security update for bcel

Description of the patch: This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).

Patchnames: SUSE-2022-4306,SUSE-SLE-Module-Basesystem-15-SP3-2022-4306,SUSE-SLE-Module-Basesystem-15-SP4-2022-4306,openSUSE-SLE-15.3-2022-4306,openSUSE-SLE-15.4-2022-4306

CVE-2022-42920

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:bcel-5.2-150200.11.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:bcel-5.2-150200.11.3.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:bcel-5.2-150200.11.3.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:bcel-5.2-150200.11.3.1.noarch	—	Vendor Fix

Threats

Impact important

References

9 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1205125	self
https://www.suse.com/security/cve/CVE-2022-42920/	self
https://www.suse.com/security/cve/CVE-2022-42920	external
https://bugzilla.suse.com/1205125	external
https://bugzilla.suse.com/1209316	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for bcel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for bcel fixes the following issues:\n\n- CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-4306,SUSE-SLE-Module-Basesystem-15-SP3-2022-4306,SUSE-SLE-Module-Basesystem-15-SP4-2022-4306,openSUSE-SLE-15.3-2022-4306,openSUSE-SLE-15.4-2022-4306",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4306-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:4306-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224306-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:4306-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013183.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205125",
        "url": "https://bugzilla.suse.com/1205125"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42920 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42920/"
      }
    ],
    "title": "Security update for bcel",
    "tracking": {
      "current_release_date": "2022-12-01T08:27:18Z",
      "generator": {
        "date": "2022-12-01T08:27:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:4306-1",
      "initial_release_date": "2022-12-01T08:27:18Z",
      "revision_history": [
        {
          "date": "2022-12-01T08:27:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bcel-5.2-150200.11.3.1.noarch",
                "product": {
                  "name": "bcel-5.2-150200.11.3.1.noarch",
                  "product_id": "bcel-5.2-150200.11.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bcel-5.2-150200.11.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:bcel-5.2-150200.11.3.1.noarch"
        },
        "product_reference": "bcel-5.2-150200.11.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bcel-5.2-150200.11.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:bcel-5.2-150200.11.3.1.noarch"
        },
        "product_reference": "bcel-5.2-150200.11.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bcel-5.2-150200.11.3.1.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:bcel-5.2-150200.11.3.1.noarch"
        },
        "product_reference": "bcel-5.2-150200.11.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bcel-5.2-150200.11.3.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:bcel-5.2-150200.11.3.1.noarch"
        },
        "product_reference": "bcel-5.2-150200.11.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42920",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42920"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:bcel-5.2-150200.11.3.1.noarch",
          "SUSE Linux Enterprise Module for Basesystem 15 SP4:bcel-5.2-150200.11.3.1.noarch",
          "openSUSE Leap 15.3:bcel-5.2-150200.11.3.1.noarch",
          "openSUSE Leap 15.4:bcel-5.2-150200.11.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42920",
          "url": "https://www.suse.com/security/cve/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205125 for CVE-2022-42920",
          "url": "https://bugzilla.suse.com/1205125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209316 for CVE-2022-42920",
          "url": "https://bugzilla.suse.com/1209316"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:bcel-5.2-150200.11.3.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP4:bcel-5.2-150200.11.3.1.noarch",
            "openSUSE Leap 15.3:bcel-5.2-150200.11.3.1.noarch",
            "openSUSE Leap 15.4:bcel-5.2-150200.11.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:bcel-5.2-150200.11.3.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP4:bcel-5.2-150200.11.3.1.noarch",
            "openSUSE Leap 15.3:bcel-5.2-150200.11.3.1.noarch",
            "openSUSE Leap 15.4:bcel-5.2-150200.11.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-12-01T08:27:18Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42920"
    }
  ]
}

SUSE-SU-2022:4331-1

Vulnerability from csaf_suse - Published: 2022-12-06 12:34 - Updated: 2022-12-06 12:34

Summary

Security update for bcel

Severity

Moderate

Notes

Title of the patch: Security update for bcel

Description of the patch: This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).

Patchnames: SUSE-2022-4331,SUSE-SLE-SERVER-12-SP5-2022-4331

CVE-2022-42920

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:bcel-5.2-28.3.1.noarch		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:bcel-5.2-28.3.1.noarch		—	Vendor Fix

Threats

Impact important

References

9 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1205125	self
https://www.suse.com/security/cve/CVE-2022-42920/	self
https://www.suse.com/security/cve/CVE-2022-42920	external
https://bugzilla.suse.com/1205125	external
https://bugzilla.suse.com/1209316	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for bcel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for bcel fixes the following issues:\n\n- CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-4331,SUSE-SLE-SERVER-12-SP5-2022-4331",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4331-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:4331-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224331-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:4331-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013192.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205125",
        "url": "https://bugzilla.suse.com/1205125"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42920 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42920/"
      }
    ],
    "title": "Security update for bcel",
    "tracking": {
      "current_release_date": "2022-12-06T12:34:27Z",
      "generator": {
        "date": "2022-12-06T12:34:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:4331-1",
      "initial_release_date": "2022-12-06T12:34:27Z",
      "revision_history": [
        {
          "date": "2022-12-06T12:34:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bcel-5.2-28.3.1.noarch",
                "product": {
                  "name": "bcel-5.2-28.3.1.noarch",
                  "product_id": "bcel-5.2-28.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bcel-5.2-28.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:bcel-5.2-28.3.1.noarch"
        },
        "product_reference": "bcel-5.2-28.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bcel-5.2-28.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:bcel-5.2-28.3.1.noarch"
        },
        "product_reference": "bcel-5.2-28.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42920",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42920"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:bcel-5.2-28.3.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:bcel-5.2-28.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42920",
          "url": "https://www.suse.com/security/cve/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205125 for CVE-2022-42920",
          "url": "https://bugzilla.suse.com/1205125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209316 for CVE-2022-42920",
          "url": "https://bugzilla.suse.com/1209316"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:bcel-5.2-28.3.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:bcel-5.2-28.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:bcel-5.2-28.3.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:bcel-5.2-28.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-12-06T12:34:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42920"
    }
  ]
}

WID-SEC-W-2022-1961

Vulnerability from csaf_certbund - Published: 2022-11-06 23:00 - Updated: 2025-05-29 22:00

Summary

Apache Commons: Schwachstelle ermöglicht Codeausführung

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2022-42920

Affected products

Known affected 11 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Apache Commons <BCEL 6.6.0 Apache / Commons		<BCEL 6.6.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
IBM Maximo Asset Management 7.6.1 IBM / Maximo Asset Management	`cpe:/a:ibm:maximo_asset_management:7.6.1`	7.6.1
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM SPSS IBM	`cpe:/a:ibm:spss:-`	—

References

27 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://seclists.org/oss-sec/2022/q4/125	external
https://seclists.org/oss-sec/2022/q4/127	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2022:8958	external
https://access.redhat.com/errata/RHSA-2022:8959	external
http://linux.oracle.com/errata/ELSA-2022-8958.html	external
https://access.redhat.com/errata/RHSA-2023:0004	external
https://access.redhat.com/errata/RHSA-2023:0005	external
http://linux.oracle.com/errata/ELSA-2023-0005.html	external
https://www.ibm.com/support/pages/node/6853681	external
https://alas.aws.amazon.com/ALAS-2023-1668.html	external
https://alas.aws.amazon.com/AL2022/ALAS-2023-275.html	external
https://access.redhat.com/errata/RHSA-2023:0471	external
https://access.redhat.com/errata/RHSA-2023:0470	external
https://access.redhat.com/errata/RHSA-2023:0934	external
https://www.ibm.com/support/pages/node/6991671	external
https://access.redhat.com/errata/RHSA-2023:3954	external
https://lists.centos.org/pipermail/centos-announc…	external
https://access.redhat.com/errata/RHSA-2023:4983	external
https://security.gentoo.org/glsa/202405-16	external
https://access.redhat.com/errata/RHSA-2024:3527	external
https://ubuntu.com/security/notices/USN-7208-1	external
https://www.ibm.com/support/pages/node/7233131	external
https://www.ibm.com/support/pages/node/7234926	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1961 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1961.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1961 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1961"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-list vom 2022-11-06",
        "url": "https://seclists.org/oss-sec/2022/q4/125"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-list vom 2022-11-06",
        "url": "https://seclists.org/oss-sec/2022/q4/127"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4306-1 vom 2022-12-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013183.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4331-1 vom 2022-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013192.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8958 vom 2022-12-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:8958"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8959 vom 2022-12-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:8959"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-8958 vom 2022-12-14",
        "url": "http://linux.oracle.com/errata/ELSA-2022-8958.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0004 vom 2023-01-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:0004"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0005 vom 2023-01-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:0005"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-0005 vom 2023-01-03",
        "url": "http://linux.oracle.com/errata/ELSA-2023-0005.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6853681 vom 2023-01-09",
        "url": "https://www.ibm.com/support/pages/node/6853681"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1668 vom 2023-01-24",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1668.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-275 vom 2023-01-25",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-275.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0471 vom 2023-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2023:0471"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0470 vom 2023-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2023:0470"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0934 vom 2023-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:0934"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6991671 vom 2023-05-15",
        "url": "https://www.ibm.com/support/pages/node/6991671"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
        "url": "https://access.redhat.com/errata/RHSA-2023:3954"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2022:8958 vom 2023-07-28",
        "url": "https://lists.centos.org/pipermail/centos-announce/2023-July/086406.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:4983"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202405-16 vom 2024-05-05",
        "url": "https://security.gentoo.org/glsa/202405-16"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3527 vom 2024-05-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:3527"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7208-1 vom 2025-01-16",
        "url": "https://ubuntu.com/security/notices/USN-7208-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7233131 vom 2025-05-12",
        "url": "https://www.ibm.com/support/pages/node/7233131"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7234926 vom 2025-05-28",
        "url": "https://www.ibm.com/support/pages/node/7234926"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Commons: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-05-29T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-30T09:12:22.144+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2022-1961",
      "initial_release_date": "2022-11-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-11-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-12-01T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-12-04T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-0E358ADDB8, FEDORA-2022-01A56F581C, FEDORA-2022-F60A52E054"
        },
        {
          "date": "2022-12-06T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-12-13T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2023-01-01T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-03T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-01-09T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-01-26T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-02-27T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-15T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-07-30T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2023-09-05T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-05T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-16T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-05-12T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "20"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cBCEL 6.6.0",
                "product": {
                  "name": "Apache Commons \u003cBCEL 6.6.0",
                  "product_id": "T025227"
                }
              },
              {
                "category": "product_version",
                "name": "BCEL 6.6.0",
                "product": {
                  "name": "Apache Commons BCEL 6.6.0",
                  "product_id": "T025227-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:commons:bcel_6.6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commons"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.6.1",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1",
                  "product_id": "389168",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Maximo Asset Management"
          },
          {
            "category": "product_name",
            "name": "IBM SPSS",
            "product": {
              "name": "IBM SPSS",
              "product_id": "T013570",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:spss:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42920",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T025227",
          "T000126",
          "T019704",
          "389168",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T013570"
        ]
      },
      "release_date": "2022-11-06T23:00:00.000+00:00",
      "title": "CVE-2022-42920"
    }
  ]
}

WID-SEC-W-2023-0132

Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-05-01 22:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Kritisch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2018-25032

In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2018-7489

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-10693

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-11987

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-13956

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-31812

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36090

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36770

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-42717

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-1122

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-2274

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-23305

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-23457

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-24329

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-25236

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-25647

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-27404

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-27782

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-29824

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-3171

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-31813

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-37434

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40146

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40150

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40153

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40664

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42003

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42889

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42920

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-43680

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45047

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21832

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21837

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21838

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21839

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21841

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21842

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21846

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21859

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21861

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21862

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21891

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21892

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21894

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 6.4.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:6.4.0.0.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 5.9.0.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:5.9.0.0.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.cisa.gov/news-events/alerts/2023/05/0…	external
https://www.oracle.com/security-alerts/cpujan2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0132 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0132.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0132 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0132"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2023-05-01",
        "url": "https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-adds-three-known-exploited-vulnerabilities-catalog"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Fusion Middleware vom 2023-01-17",
        "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixFMW"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-05-01T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:41:47.510+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0132",
      "initial_release_date": "2023-01-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-01-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Exploit-Hinweis f\u00fcr CVE-2023-21839 aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.3.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.3.0",
                  "product_id": "618028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 5.9.0.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 5.9.0.0.0",
                  "product_id": "T021683",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:5.9.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 8.5.6",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.6",
                  "product_id": "T024993",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 6.4.0.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 6.4.0.0.0",
                  "product_id": "T024994",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:6.4.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware \u003c 13.9.4.2.11",
                "product": {
                  "name": "Oracle Fusion Middleware \u003c 13.9.4.2.11",
                  "product_id": "T025879",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:13.9.4.2.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-25032",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2018-25032"
    },
    {
      "cve": "CVE-2018-7489",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2018-7489"
    },
    {
      "cve": "CVE-2020-10693",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2020-10693"
    },
    {
      "cve": "CVE-2020-11987",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2020-11987"
    },
    {
      "cve": "CVE-2020-13956",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2021-31812",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2021-31812"
    },
    {
      "cve": "CVE-2021-36090",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2021-36090"
    },
    {
      "cve": "CVE-2021-36770",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2021-36770"
    },
    {
      "cve": "CVE-2021-42717",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2021-42717"
    },
    {
      "cve": "CVE-2022-1122",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-1122"
    },
    {
      "cve": "CVE-2022-2274",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-2274"
    },
    {
      "cve": "CVE-2022-23305",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-23305"
    },
    {
      "cve": "CVE-2022-23457",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-23457"
    },
    {
      "cve": "CVE-2022-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-24329"
    },
    {
      "cve": "CVE-2022-25236",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-25236"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-27404",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-27404"
    },
    {
      "cve": "CVE-2022-27782",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-29824",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-29824"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-31813",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-31813"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-40146",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-40150",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40153",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-40153"
    },
    {
      "cve": "CVE-2022-40664",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-40664"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42889",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-42889"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-43680",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-45047",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2022-45047"
    },
    {
      "cve": "CVE-2023-21832",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21832"
    },
    {
      "cve": "CVE-2023-21837",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21837"
    },
    {
      "cve": "CVE-2023-21838",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21838"
    },
    {
      "cve": "CVE-2023-21839",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21839"
    },
    {
      "cve": "CVE-2023-21841",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21841"
    },
    {
      "cve": "CVE-2023-21842",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21842"
    },
    {
      "cve": "CVE-2023-21846",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21846"
    },
    {
      "cve": "CVE-2023-21859",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21859"
    },
    {
      "cve": "CVE-2023-21861",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21861"
    },
    {
      "cve": "CVE-2023-21862",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21862"
    },
    {
      "cve": "CVE-2023-21891",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21891"
    },
    {
      "cve": "CVE-2023-21892",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21892"
    },
    {
      "cve": "CVE-2023-21894",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "T024994",
          "751674",
          "T021683",
          "829576"
        ]
      },
      "release_date": "2023-01-17T23:00:00.000+00:00",
      "title": "CVE-2023-21894"
    }
  ]
}

WID-SEC-W-2023-1807

Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-12-26 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-26119

In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-26049

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-25690

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-25194

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-24998

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-23914

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22899

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22040

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22031

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21994

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-20863

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-20861

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-20860

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-1436

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-1370

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45688

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45047

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-43680

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42920

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42890

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-41966

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-41853

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40152

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-36033

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-33879

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-31197

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-29546

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-25647

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-24409

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-23437

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-46877

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-43113

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-42575

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-41184

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-4104

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-37533

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36374

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36090

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-34429

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-33813

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-29425

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-28168

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-26117

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-23926

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-8908

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-36518

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-17521

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-13956

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-13936

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 9.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:9.1.0`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujul2023…	external
https://www.dell.com/support/kbdoc/000220669/dsa-2023-=	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1807 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1807.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1807 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1807"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Fusion Middleware vom 2023-07-18",
        "url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
        "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-26T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:51.397+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1807",
      "initial_release_date": "2023-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.3.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.3.0",
                  "product_id": "618028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 9.1.0",
                "product": {
                  "name": "Oracle Fusion Middleware 9.1.0",
                  "product_id": "T022847",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:9.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware \u003c 11.1.2.3.1",
                "product": {
                  "name": "Oracle Fusion Middleware \u003c 11.1.2.3.1",
                  "product_id": "T028708",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:11.1.2.3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26119",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-26119"
    },
    {
      "cve": "CVE-2023-26049",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    },
    {
      "cve": "CVE-2023-25690",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-25690"
    },
    {
      "cve": "CVE-2023-25194",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-25194"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-23914",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-22899",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-22899"
    },
    {
      "cve": "CVE-2023-22040",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-22040"
    },
    {
      "cve": "CVE-2023-22031",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-22031"
    },
    {
      "cve": "CVE-2023-21994",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-21994"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-20861",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2023-20860",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-20860"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45047",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-45047"
    },
    {
      "cve": "CVE-2022-43680",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41853",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-41853"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-36033",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-33879",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-33879"
    },
    {
      "cve": "CVE-2022-31197",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-31197"
    },
    {
      "cve": "CVE-2022-29546",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-29546"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-24409",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-24409"
    },
    {
      "cve": "CVE-2022-23437",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2022-23437"
    },
    {
      "cve": "CVE-2021-46877",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-46877"
    },
    {
      "cve": "CVE-2021-43113",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-43113"
    },
    {
      "cve": "CVE-2021-42575",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-42575"
    },
    {
      "cve": "CVE-2021-41184",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-4104",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-4104"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2021-36374",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2021-36090",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-36090"
    },
    {
      "cve": "CVE-2021-34429",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-34429"
    },
    {
      "cve": "CVE-2021-33813",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-33813"
    },
    {
      "cve": "CVE-2021-29425",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-28168",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-28168"
    },
    {
      "cve": "CVE-2021-26117",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-26117"
    },
    {
      "cve": "CVE-2021-23926",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-23926"
    },
    {
      "cve": "CVE-2020-8908",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-17521",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-17521"
    },
    {
      "cve": "CVE-2020-13956",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-13936",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T022847",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    }
  ]
}

WID-SEC-W-2023-2674

Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-12-26 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-39022

In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-35887

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-35116

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-34462

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-2976

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-28708

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-28484

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-2650

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-24998

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22127

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22126

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22108

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22101

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22089

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22086

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22072

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22069

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22019

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-20863

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-1436

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45690

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45688

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-44729

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42920

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42004

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-37436

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-29599

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-29546

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-24839

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-23491

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-37714

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-37136

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36374

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-28165

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-13956

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2019-10086

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2023…	external
https://www.dell.com/support/kbdoc/000220669/dsa-2023-=	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2674 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2674.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2674 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2674"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Fusion Middleware vom 2023-10-17",
        "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
        "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-26T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:59:59.153+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2674",
      "initial_release_date": "2023-10-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.3.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.3.0",
                  "product_id": "618028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 8.5.6",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.6",
                  "product_id": "T024993",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39022",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-39022"
    },
    {
      "cve": "CVE-2023-35887",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-35887"
    },
    {
      "cve": "CVE-2023-35116",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-28484",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-28484"
    },
    {
      "cve": "CVE-2023-2650",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2650"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-22127",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22127"
    },
    {
      "cve": "CVE-2023-22126",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22126"
    },
    {
      "cve": "CVE-2023-22108",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22108"
    },
    {
      "cve": "CVE-2023-22101",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22101"
    },
    {
      "cve": "CVE-2023-22089",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22089"
    },
    {
      "cve": "CVE-2023-22086",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22086"
    },
    {
      "cve": "CVE-2023-22072",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22072"
    },
    {
      "cve": "CVE-2023-22069",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22069"
    },
    {
      "cve": "CVE-2023-22019",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22019"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2022-45690",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45690"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-44729",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-44729"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-37436",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-37436"
    },
    {
      "cve": "CVE-2022-29599",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-29599"
    },
    {
      "cve": "CVE-2022-29546",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-29546"
    },
    {
      "cve": "CVE-2022-24839",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-24839"
    },
    {
      "cve": "CVE-2022-23491",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2021-37714",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-37714"
    },
    {
      "cve": "CVE-2021-37136",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-37136"
    },
    {
      "cve": "CVE-2021-36374",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2021-28165",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-28165"
    },
    {
      "cve": "CVE-2020-13956",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2019-10086",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2019-10086"
    }
  ]
}

WID-SEC-W-2023-2679

Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-10-17 22:00

Summary

Oracle Communications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2023-41080

In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-4039

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-40167

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-38408

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-3824

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-3635

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-35788

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34981

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34462

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34396

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-34034

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-33201

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-30861

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-2976

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-29491

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-28484

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-26604

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-26049

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-26048

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-2603

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-23931

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-2283

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-22083

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-20883

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-20863

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2023-0361

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-4899

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-45688

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-45061

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-4492

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-42920

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-40982

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-36944

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-25147

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-24834

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2022-24329

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2021-41945

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2021-37533

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

CVE-2020-7760

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Communications 23.2.0 Oracle / Communications	`cpe:/a:oracle:communications:23.2.0`	—
Oracle Communications 23.2.1 Oracle / Communications	`cpe:/a:oracle:communications:23.2.1`	—
Oracle Communications 4.1 Oracle / Communications	`cpe:/a:oracle:communications:4.1`	—
Oracle Communications 23.1.3 Oracle / Communications	`cpe:/a:oracle:communications:23.1.3`	—
Oracle Communications 23.1.2 Oracle / Communications	`cpe:/a:oracle:communications:23.1.2`	—
Oracle Communications 23.3.0 Oracle / Communications	`cpe:/a:oracle:communications:23.3.0`	—
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	—
Oracle Communications 12.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0`	—
Oracle Communications 7.2.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.0.0.0`	—
Oracle Communications 23.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0.0`	—
Oracle Communications 9.1.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.6.0`	—
Oracle Communications 7.2.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.2.1.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
Oracle Communications 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—
Oracle Communications 23.1.0 Oracle / Communications	`cpe:/a:oracle:communications:23.1.0`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 5.1 Oracle / Communications	`cpe:/a:oracle:communications:5.1`	—
Oracle Communications 9.1.1.5.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.5.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications <= 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	—
Oracle Communications <= 23.1.8 Oracle / Communications	`cpe:/a:oracle:communications:23.1.8`	—
Oracle Communications <= 9.2 Oracle / Communications	`cpe:/a:oracle:communications:9.2`	—
Oracle Communications <= 23.2.4 Oracle / Communications	`cpe:/a:oracle:communications:23.2.4`	—
Oracle Communications <= 23.2.2 Oracle / Communications	`cpe:/a:oracle:communications:23.2.2`	—
Oracle Communications <= 23.1.7 Oracle / Communications	`cpe:/a:oracle:communications:23.1.7`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2679 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2679.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2679 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2679"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Communications vom 2023-10-17",
        "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixCGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-10-17T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:00.988+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2679",
      "initial_release_date": "2023-10-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Communications 3.3",
                "product": {
                  "name": "Oracle Communications 3.3",
                  "product_id": "T020687",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:3.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 5.0",
                "product": {
                  "name": "Oracle Communications 5.0",
                  "product_id": "T021645",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 8.6.0.0",
                "product": {
                  "name": "Oracle Communications 8.6.0.0",
                  "product_id": "T024970",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:8.6.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.0",
                "product": {
                  "name": "Oracle Communications 23.1.0",
                  "product_id": "T027326",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.1",
                "product": {
                  "name": "Oracle Communications 23.1.1",
                  "product_id": "T027329",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 4.0",
                "product": {
                  "name": "Oracle Communications 4.0",
                  "product_id": "T027337",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.2",
                "product": {
                  "name": "Oracle Communications 23.1.2",
                  "product_id": "T028681",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.2.0",
                "product": {
                  "name": "Oracle Communications 23.2.0",
                  "product_id": "T028682",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 5.1",
                "product": {
                  "name": "Oracle Communications 5.1",
                  "product_id": "T028684",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1.1.5.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.5.0",
                  "product_id": "T028685",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.1.7",
                "product": {
                  "name": "Oracle Communications \u003c= 23.1.7",
                  "product_id": "T030582",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.2.2",
                "product": {
                  "name": "Oracle Communications \u003c= 23.2.2",
                  "product_id": "T030583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.3",
                "product": {
                  "name": "Oracle Communications 23.1.3",
                  "product_id": "T030584",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.2.1",
                "product": {
                  "name": "Oracle Communications 23.2.1",
                  "product_id": "T030585",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.3.0",
                "product": {
                  "name": "Oracle Communications 23.3.0",
                  "product_id": "T030586",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.1.8",
                "product": {
                  "name": "Oracle Communications \u003c= 23.1.8",
                  "product_id": "T030587",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.2.4",
                "product": {
                  "name": "Oracle Communications \u003c= 23.2.4",
                  "product_id": "T030588",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.2.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.0.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0.0",
                  "product_id": "T030589",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 12.6.0.0",
                "product": {
                  "name": "Oracle Communications 12.6.0.0",
                  "product_id": "T030590",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:12.6.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 23.1.0.0",
                "product": {
                  "name": "Oracle Communications 23.1.0.0",
                  "product_id": "T030591",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 7.2.0.0.0",
                "product": {
                  "name": "Oracle Communications 7.2.0.0.0",
                  "product_id": "T030592",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 7.2.1.0.0",
                "product": {
                  "name": "Oracle Communications 7.2.1.0.0",
                  "product_id": "T030593",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.2.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1.1.6.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.6.0",
                  "product_id": "T030594",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 9.0.2",
                "product": {
                  "name": "Oracle Communications \u003c= 9.0.2",
                  "product_id": "T030595",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 4.1",
                "product": {
                  "name": "Oracle Communications 4.1",
                  "product_id": "T030596",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 9.2",
                "product": {
                  "name": "Oracle Communications \u003c= 9.2",
                  "product_id": "T030597",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-41080",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-4039",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-4039"
    },
    {
      "cve": "CVE-2023-40167",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-40167"
    },
    {
      "cve": "CVE-2023-38408",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-38408"
    },
    {
      "cve": "CVE-2023-3824",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-3824"
    },
    {
      "cve": "CVE-2023-3635",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-3635"
    },
    {
      "cve": "CVE-2023-35788",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-35788"
    },
    {
      "cve": "CVE-2023-34981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34981"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-34396",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34396"
    },
    {
      "cve": "CVE-2023-34034",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-33201",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-30861",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-30861"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-29491",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-29491"
    },
    {
      "cve": "CVE-2023-28484",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-28484"
    },
    {
      "cve": "CVE-2023-26604",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-26604"
    },
    {
      "cve": "CVE-2023-26049",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    },
    {
      "cve": "CVE-2023-26048",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-2603",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2603"
    },
    {
      "cve": "CVE-2023-23931",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-23931"
    },
    {
      "cve": "CVE-2023-2283",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-2283"
    },
    {
      "cve": "CVE-2023-22083",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22083"
    },
    {
      "cve": "CVE-2023-20883",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-20883"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-0361",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-0361"
    },
    {
      "cve": "CVE-2022-4899",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-4899"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45061",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45061"
    },
    {
      "cve": "CVE-2022-4492",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-4492"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-40982",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-40982"
    },
    {
      "cve": "CVE-2022-36944",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-36944"
    },
    {
      "cve": "CVE-2022-25147",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-24834",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-24834"
    },
    {
      "cve": "CVE-2022-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-24329"
    },
    {
      "cve": "CVE-2021-41945",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-41945"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2020-7760",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028682",
          "T030585",
          "T030596",
          "T030584",
          "T028681",
          "T030586",
          "T030589",
          "T030590",
          "T030592",
          "T030591",
          "T030594",
          "T030593",
          "T020687",
          "T021645",
          "T027329",
          "T027326",
          "T027337",
          "T024970",
          "T028684",
          "T028685"
        ],
        "last_affected": [
          "T030595",
          "T030587",
          "T030597",
          "T030588",
          "T030583",
          "T030582"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-7760"
    }
  ]
}

WID-SEC-W-2023-2680

Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-10-17 22:00

Summary

Oracle Communications Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-34981

In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 12.0.6.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0`	—

Last affected 4 products

Product	Identifier	Version
Oracle Communications Applications <= 5.5.17 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.17`	—
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 6.0.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.2`	—

CVE-2023-34462

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 12.0.6.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0`	—

Last affected 4 products

Product	Identifier	Version
Oracle Communications Applications <= 5.5.17 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.17`	—
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 6.0.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.2`	—

CVE-2023-3247

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 12.0.6.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0`	—

Last affected 4 products

Product	Identifier	Version
Oracle Communications Applications <= 5.5.17 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.17`	—
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 6.0.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.2`	—

CVE-2023-22088

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 12.0.6.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0`	—

Last affected 4 products

Product	Identifier	Version
Oracle Communications Applications <= 5.5.17 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.17`	—
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 6.0.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.2`	—

CVE-2022-42920

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 12.0.6.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0`	—

Last affected 4 products

Product	Identifier	Version
Oracle Communications Applications <= 5.5.17 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.17`	—
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 6.0.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.2`	—

CVE-2021-37533

Affected products

Known affected 5 products

Product	Identifier	Version
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 12.0.6.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0`	—

Last affected 4 products

Product	Identifier	Version
Oracle Communications Applications <= 5.5.17 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.17`	—
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 6.0.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.2`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2680 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2680.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2680 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2680"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Communications Applications vom 2023-10-17",
        "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixCAGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-10-17T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:01.630+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2680",
      "initial_release_date": "2023-10-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.0",
                  "product_id": "T018938",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.1",
                "product": {
                  "name": "Oracle Communications Applications 7.4.1",
                  "product_id": "T018939",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.5.0",
                "product": {
                  "name": "Oracle Communications Applications 7.5.0",
                  "product_id": "T021639",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 6.0.2",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 6.0.2",
                  "product_id": "T027323",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 5.5.17",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 5.5.17",
                  "product_id": "T028672",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:5.5.17"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 6.3.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications 6.3.1.0.0",
                  "product_id": "T030578",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.3.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 12.0.0.8",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 12.0.0.8",
                  "product_id": "T030579",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.0.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 12.0.6.0",
                "product": {
                  "name": "Oracle Communications Applications 12.0.6.0",
                  "product_id": "T030580",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 6.0.3",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 6.0.3",
                  "product_id": "T030581",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-34981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030578",
          "T021639",
          "T018938",
          "T018939",
          "T030580"
        ],
        "last_affected": [
          "T028672",
          "T030579",
          "T030581",
          "T027323"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34981"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030578",
          "T021639",
          "T018938",
          "T018939",
          "T030580"
        ],
        "last_affected": [
          "T028672",
          "T030579",
          "T030581",
          "T027323"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-3247",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030578",
          "T021639",
          "T018938",
          "T018939",
          "T030580"
        ],
        "last_affected": [
          "T028672",
          "T030579",
          "T030581",
          "T027323"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-3247"
    },
    {
      "cve": "CVE-2023-22088",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030578",
          "T021639",
          "T018938",
          "T018939",
          "T030580"
        ],
        "last_affected": [
          "T028672",
          "T030579",
          "T030581",
          "T027323"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22088"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030578",
          "T021639",
          "T018938",
          "T018939",
          "T030580"
        ],
        "last_affected": [
          "T028672",
          "T030579",
          "T030581",
          "T027323"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T030578",
          "T021639",
          "T018938",
          "T018939",
          "T030580"
        ],
        "last_affected": [
          "T028672",
          "T030579",
          "T030581",
          "T027323"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-42920 (GCVE-0-2022-42920)

Tags

Sightings

Nomenclature