Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-22259 (GCVE-0-2024-22259)
Vulnerability from cvelistv5 – Published: 2024-03-16 04:40 – Updated: 2025-02-13 17:33
VLAI
EPSS
Title
CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
Summary
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Severity
8.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Framework |
Affected:
6.1.x , < 6.1.5
(git)
Affected: 6.0.x , < 6.0.18 (git) Affected: 5.3.x , < 5.3.33 (git) |
Date Public
2024-03-15 10:36
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spring_framework",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.3.33",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T03:55:11.965544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:56:18.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22259"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Spring Framework",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "6.1.x",
"versionType": "git"
},
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.x",
"versionType": "git"
},
{
"lessThan": "5.3.33",
"status": "affected",
"version": "5.3.x",
"versionType": "git"
}
]
}
],
"datePublic": "2024-03-15T10:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApplications that use \u003ccode\u003eUriComponentsBuilder in Spring Framework\u003c/code\u003e\u0026nbsp;to parse an externally provided URL (e.g. through a query parameter) \u003cem\u003eAND\u003c/em\u003e\u0026nbsp;perform validation checks on the host of the parsed URL may be vulnerable to a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cwe.mitre.org/data/definitions/601.html\"\u003eopen redirect\u003c/a\u003e\u0026nbsp;attack or to a SSRF attack if the URL is used after passing validation checks.\u003c/p\u003e\u003cp\u003eThis is the same as \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22243\"\u003eCVE-2024-22243\u003c/a\u003e, but with different input.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:02.696Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22259"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22259",
"datePublished": "2024-03-16T04:40:08.680Z",
"dateReserved": "2024-01-08T18:43:15.943Z",
"dateUpdated": "2025-02-13T17:33:39.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-22259",
"date": "2026-05-29",
"epss": "0.56395",
"percentile": "0.98154"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22259\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-03-16T05:15:20.830\",\"lastModified\":\"2025-06-10T15:55:48.787\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\\n\\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\"},{\"lang\":\"es\",\"value\":\"Las aplicaciones que utilizan UriComponentsBuilder en Spring Framework para analizar una URL proporcionada externamente (por ejemplo, a trav\u00e9s de un par\u00e1metro de consulta) Y realizan comprobaciones de validaci\u00f3n en el host de la URL analizada pueden ser vulnerables a una redirecci\u00f3n abierta https://cwe.mitre.org/data/ definiciones/601.html o a un ataque SSRF si la URL se utiliza despu\u00e9s de pasar las comprobaciones de validaci\u00f3n. Esto es lo mismo que CVE-2024-22243 https://spring.io/security/cve-2024-22243, pero con entradas diferentes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.3.33\",\"matchCriteriaId\":\"265CE42F-68C0-46AD-80E8-382D052833E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.18\",\"matchCriteriaId\":\"1C1F744C-2328-45FA-BA6F-EAC3AA1E4FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.5\",\"matchCriteriaId\":\"D4C4F614-8E7A-4FFE-BC70-1728739E8E3C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20240524-0002/\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://spring.io/security/cve-2024-22259\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240524-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://spring.io/security/cve-2024-22259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://spring.io/security/cve-2024-22259\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240524-0002/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:43:34.152Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22259\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-27T03:55:11.965544Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"spring_framework\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.18\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.3.0\", \"lessThan\": \"5.3.33\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-601\", \"description\": \"CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-03T15:20:34.139Z\"}}], \"cna\": {\"title\": \"CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Spring\", \"product\": \"Spring Framework\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.x\", \"lessThan\": \"6.1.5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6.0.x\", \"lessThan\": \"6.0.18\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"5.3.x\", \"lessThan\": \"5.3.33\", \"versionType\": \"git\"}], \"packageName\": \"Spring Framework\", \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-03-15T10:36:00.000Z\", \"references\": [{\"url\": \"https://spring.io/security/cve-2024-22259\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240524-0002/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Applications that use UriComponentsBuilder in Spring Framework\\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \\u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\\n\\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eApplications that use \u003ccode\u003eUriComponentsBuilder in Spring Framework\u003c/code\u003e\u0026nbsp;to parse an externally provided URL (e.g. through a query parameter) \u003cem\u003eAND\u003c/em\u003e\u0026nbsp;perform validation checks on the host of the parsed URL may be vulnerable to a \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://cwe.mitre.org/data/definitions/601.html\\\"\u003eopen redirect\u003c/a\u003e\u0026nbsp;attack or to a SSRF attack if the URL is used after passing validation checks.\u003c/p\u003e\u003cp\u003eThis is the same as \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://spring.io/security/cve-2024-22243\\\"\u003eCVE-2024-22243\u003c/a\u003e, but with different input.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2024-03-16T04:40:08.680Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-22259\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-27T13:56:18.445Z\", \"dateReserved\": \"2024-01-08T18:43:15.943Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2024-03-16T04:40:08.680Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2024-22259
Vulnerability from fkie_nvd - Published: 2024-03-16 05:15 - Updated: 2025-06-10 15:55
Severity
Summary
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20240524-0002/ | Third Party Advisory | |
| security@vmware.com | https://spring.io/security/cve-2024-22259 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240524-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://spring.io/security/cve-2024-22259 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_framework | * | |
| vmware | spring_framework | * | |
| vmware | spring_framework | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265CE42F-68C0-46AD-80E8-382D052833E6",
"versionEndExcluding": "5.3.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1F744C-2328-45FA-BA6F-EAC3AA1E4FC6",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C4F614-8E7A-4FFE-BC70-1728739E8E3C",
"versionEndExcluding": "6.1.5",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input."
},
{
"lang": "es",
"value": "Las aplicaciones que utilizan UriComponentsBuilder en Spring Framework para analizar una URL proporcionada externamente (por ejemplo, a trav\u00e9s de un par\u00e1metro de consulta) Y realizan comprobaciones de validaci\u00f3n en el host de la URL analizada pueden ser vulnerables a una redirecci\u00f3n abierta https://cwe.mitre.org/data/ definiciones/601.html o a un ataque SSRF si la URL se utiliza despu\u00e9s de pasar las comprobaciones de validaci\u00f3n. Esto es lo mismo que CVE-2024-22243 https://spring.io/security/cve-2024-22243, pero con entradas diferentes."
}
],
"id": "CVE-2024-22259",
"lastModified": "2025-06-10T15:55:48.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-03-16T05:15:20.830",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0002/"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-22259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-22259"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-HGJH-9RJ2-G67J
Vulnerability from github – Published: 2024-03-16 06:30 – Updated: 2025-02-13 19:05
VLAI
Summary
Spring Framework URL Parsing with Host Validation Vulnerability
Details
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.
Severity
8.1 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0"
},
{
"fixed": "6.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-web"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.33"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-22259"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-18T16:20:30Z",
"nvd_published_at": "2024-03-16T05:15:20Z",
"severity": "HIGH"
},
"details": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.",
"id": "GHSA-hgjh-9rj2-g67j",
"modified": "2025-02-13T19:05:43Z",
"published": "2024-03-16T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/297cbae2990e1413537c55845a7e0ea0ffd9f9bb"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/381f790329a48b74c2a49fc1384dd68ca9153501"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/f2fd2f12269c6a781c5b2c20b3c24141055a3d68"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240524-0002"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2024-22259"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Spring Framework URL Parsing with Host Validation Vulnerability"
}
GSD-2024-22259
Vulnerability from gsd - Updated: 2024-01-09 06:02Details
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-22259"
],
"details": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n",
"id": "GSD-2024-22259",
"modified": "2024-01-09T06:02:15.295893Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2024-22259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "6.1.x",
"versionType": "git"
},
{
"lessThan": "6.0.18",
"status": "affected",
"version": "6.0.x",
"versionType": "git"
},
{
"lessThan": "5.3.33",
"status": "affected",
"version": "5.3.x",
"versionType": "git"
}
]
}
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://spring.io/security/cve-2024-22259",
"refsource": "MISC",
"url": "https://spring.io/security/cve-2024-22259"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n"
}
],
"id": "CVE-2024-22259",
"lastModified": "2024-03-17T22:38:29.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2024-03-16T05:15:20.830",
"references": [
{
"source": "security@vmware.com",
"url": "https://spring.io/security/cve-2024-22259"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
NCSC-2024-0298
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:54 - Updated: 2024-07-17 13:54Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-122: Heap-based Buffer Overflow
CWE-145: Improper Neutralization of Section Delimiters
CWE-190: Integer Overflow or Wraparound
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222: Truncation of Security-relevant Information
CWE-284: Improper Access Control
CWE-299: Improper Check for Certificate Revocation
CWE-306: Missing Authentication for Critical Function
CWE-328: Use of Weak Hash
CWE-377: Insecure Temporary File
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-416: Use After Free
CWE-552: Files or Directories Accessible to External Parties
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-918: Server-Side Request Forgery (SSRF)
CWE-377
- Insecure Temporary File
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
6.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware_mapviewer
oracle
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
fusion_middleware
oracle
|
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
|
— |
References
64 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Improper Neutralization of Section Delimiters",
"title": "CWE-145"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Check for Certificate Revocation",
"title": "CWE-299"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Insecure Temporary File",
"title": "CWE-377"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45378"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29081"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34034"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36478"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45853"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46750"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21133"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21175"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21181"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21183"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22243"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": " Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2024-07-17T13:54:00.411174Z",
"id": "NCSC-2024-0298",
"initial_release_date": "2024-07-17T13:54:00.411174Z",
"revision_history": [
{
"date": "2024-07-17T13:54:00.411174Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "fusion_middleware_mapviewer",
"product": {
"name": "fusion_middleware_mapviewer",
"product_id": "CSAFPID-226018",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fusion_middleware",
"product": {
"name": "fusion_middleware",
"product_id": "CSAFPID-271904",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"notes": [
{
"category": "other",
"text": "Insecure Temporary File",
"title": "CWE-377"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-1945",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1945.json"
}
],
"title": "CVE-2020-1945"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-40152",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-45378",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-45378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2022-45378"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-2976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-4759",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4759",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-6129",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "other",
"text": "Use of Weak Hash",
"title": "CWE-328"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-6129",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29081",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29081",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json"
}
],
"title": "CVE-2023-29081"
},
{
"cve": "CVE-2023-34034",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Neutralization of Section Delimiters",
"title": "CWE-145"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-34034",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34034.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-36478",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36478",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36478.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2023-45853",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45853",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45853.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2023-46750",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-46750"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904",
"CSAFPID-226018"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904",
"CSAFPID-226018"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0853",
"cwe": {
"id": "CWE-299",
"name": "Improper Check for Certificate Revocation"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Certificate Revocation",
"title": "CWE-299"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0853",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-0853"
},
{
"cve": "CVE-2024-21133",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21133",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21133.json"
}
],
"title": "CVE-2024-21133"
},
{
"cve": "CVE-2024-21175",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21175",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21175.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21175"
},
{
"cve": "CVE-2024-21181",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21181",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21181"
},
{
"cve": "CVE-2024-21182",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21182"
},
{
"cve": "CVE-2024-21183",
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21183",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21183.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-21183"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22243",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22243",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22243.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22243"
},
{
"cve": "CVE-2024-22259",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22259",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22259.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-226018",
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-226018",
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-271904"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29857",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-271904"
]
}
],
"title": "CVE-2024-29857"
}
]
}
RHSA-2024:2945
Vulnerability from csaf_redhat - Published: 2024-05-21 14:18 - Updated: 2026-05-16 23:26Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update
Severity
Important
Notes
Topic: Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2023-6717) keycloak: XSS via assertion consumer service URL in SAML POST-binding flow
* (CVE-2024-1132) keycloak: path transversal in redirection validation
* (CVE-2024-1249) keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
* (CVE-2024-22259) springframework: URL Parsing with Host Validation
* (CVE-2022-41678) Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE
* (CVE-2023-44981) zookeeper: Authorization Bypass in Apache ZooKeeper
* (CVE-2023-6378) logback: serialization vulnerability in logback receiver
* (CVE-2023-6481) logback: A serialization vulnerability in logback receiver
* (CVE-2024-29025) netty-codec-http: Allocation of Resources Without Limits or Throttling
* (CVE-2024-29131) commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
* (CVE-2024-29133) commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in ActiveMQ's Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia's HttpRequestHandler, allowing an attacker to exploit the jdk.management.jfr.FlightRecorderMXBeanImpl class in Java 11 or higher. By crafting specific requests, an attacker could inject and execute a webshell, leading to remote code execution. This poses a significant security risk, especially in environments where Jolokia is enabled and not properly secured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
6.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.12
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
References
71 references
Acknowledgments
Axel Flamcourt
Adriano Márcio Monteiro
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.12.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2023-6717) keycloak: XSS via assertion consumer service URL in SAML POST-binding flow\n* (CVE-2024-1132) keycloak: path transversal in redirection validation\n* (CVE-2024-1249) keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS\n* (CVE-2024-22259) springframework: URL Parsing with Host Validation\n* (CVE-2022-41678) Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE\n* (CVE-2023-44981) zookeeper: Authorization Bypass in Apache ZooKeeper\n* (CVE-2023-6378) logback: serialization vulnerability in logback receiver\n* (CVE-2023-6481) logback: A serialization vulnerability in logback receiver\n* (CVE-2024-29025) netty-codec-http: Allocation of Resources Without Limits or Throttling\n* (CVE-2024-29131) commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()\n* (CVE-2024-29133) commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2945",
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.12.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.12",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.12"
},
{
"category": "external",
"summary": "2243436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
},
{
"category": "external",
"summary": "2252185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
},
{
"category": "external",
"summary": "2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "2252956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
},
{
"category": "external",
"summary": "2253952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
},
{
"category": "external",
"summary": "2262117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
},
{
"category": "external",
"summary": "2262918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
},
{
"category": "external",
"summary": "2269846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"
},
{
"category": "external",
"summary": "2270673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
},
{
"category": "external",
"summary": "2270674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2945.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update",
"tracking": {
"current_release_date": "2026-05-16T23:26:29+00:00",
"generator": {
"date": "2026-05-16T23:26:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2024:2945",
"initial_release_date": "2024-05-21T14:18:30+00:00",
"revision_history": [
{
"date": "2024-05-21T14:18:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-21T14:18:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-16T23:26:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7",
"product": {
"name": "Red Hat AMQ Broker 7",
"product_id": "Red Hat AMQ Broker 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.12"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41678",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252185"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in ActiveMQ\u0027s Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia\u0027s HttpRequestHandler, allowing an attacker to exploit the jdk.management.jfr.FlightRecorderMXBeanImpl class in Java 11 or higher. By crafting specific requests, an attacker could inject and execute a webshell, leading to remote code execution. This poses a significant security risk, especially in environments where Jolokia is enabled and not properly secured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered moderate severity due to the requirement of authenticated access to exploit the flaw, significantly reducing the risk to systems that enforce strong authentication controls. While it does allow for remote code execution through Jolokia\u0027s request handling and Java Management Extensions (JMX), the exploitation pathway is complex and relies on specific conditions, such as the presence of Java 11 or higher and misconfigured or permissive Jolokia settings. an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment.Only an authenticated attacker to achieve remote code execution (RCE) within the ActiveMQ environment. In environments where authentication is well-managed and Jolokia is correctly configured or disabled, the likelihood of successful exploitation is reduced, mitigating the overall impact on system security.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41678"
},
{
"category": "external",
"summary": "RHBZ#2252185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252185"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678"
}
],
"release_date": "2023-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252230"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "RHBZ#2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
}
],
"release_date": "2023-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-6481",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027) via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: A serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security vulnerability in the logback package is considered of moderate severity due to its potential for facilitating a denial-of-service (DoS) attack. While a DoS attack can disrupt service availability, this vulnerability may not lead to more severe consequences such as unauthorized access or data breaches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6481"
},
{
"category": "external",
"summary": "RHBZ#2252956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6481"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: A serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-6717",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6717"
},
{
"category": "external",
"summary": "RHBZ#2253952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717"
}
],
"release_date": "2024-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow"
},
{
"cve": "CVE-2023-44981",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2023-10-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243436"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zookeeper: Authorization Bypass in Apache ZooKeeper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat AMQ 7 Broker and Red Hat AMQ Streams 2 use Zookeeper but do not use or enable the vulnerable functionality, Peer Authentication. They are affected at Moderate Impact by this flaw.\n\nRed Hat Fuse 7 uses Zookeeper but does not use any of its server capabilities and as such is not vulnerable, and so is affected at Low Impact by this flaw.\n\nRed Hat Process Automation Manager 7 and Red Hat Decision Manager 7 do not ship zookeeper, and so are not affected by this flaw.\n\nRed Hat Fuse 6 and AMQ 6 use Zookeeper but are not vulnerable to this flaw, and have been assessed as Important Impact and are as such out of security support scope for this flaw.\n\nRed Hat Business Process Manager Suite 6, Red Hat Business Rules Management Suite 6, Red Hat JBoss Data Virtualization 6, Red Hat OpenShift Application Runtime Vert-x, and Red Hat Fuse Service Works 6 are out of security support scope for this flaw.\n\nAs no Red Hat products are affected at Critical Impact by this flaw, its overall impact has been reduced to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44981"
},
{
"category": "external",
"summary": "RHBZ#2243436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b",
"url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
}
],
"release_date": "2023-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "According to Apache\u0027s document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "zookeeper: Authorization Bypass in Apache ZooKeeper"
},
{
"acknowledgments": [
{
"names": [
"Axel Flamcourt"
]
}
],
"cve": "CVE-2024-1132",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262117"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path transversal in redirection validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1132"
},
{
"category": "external",
"summary": "RHBZ#2262117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
}
],
"release_date": "2024-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "No current mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path transversal in redirection validation"
},
{
"acknowledgments": [
{
"names": [
"Adriano M\u00e1rcio Monteiro"
]
}
],
"cve": "CVE-2024-1249",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2024-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262918"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application\u0027s availability without proper origin validation for incoming messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in Keycloak\u0027s OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1249"
},
{
"category": "external",
"summary": "RHBZ#2262918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249"
}
],
"release_date": "2024-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS"
},
{
"cve": "CVE-2024-22259",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269846"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: URL Parsing with Host Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22259"
},
{
"category": "external",
"summary": "RHBZ#2269846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22259",
"url": "https://spring.io/security/cve-2024-22259"
}
],
"release_date": "2024-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: URL Parsing with Host Validation"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
},
{
"cve": "CVE-2024-29131",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270674"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that triggers an out-of-bounds write issue when processed by the vulnerable method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29131"
},
{
"category": "external",
"summary": "RHBZ#2270674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270674"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554",
"url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab",
"url": "https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CONFIGURATION-840",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
},
{
"cve": "CVE-2024-29133",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29133"
},
{
"category": "external",
"summary": "RHBZ#2270673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4",
"url": "https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/CONFIGURATION-841",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-841"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T14:18:30+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2945"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree"
}
]
}
WID-SEC-W-2024-0639
Vulnerability from csaf_certbund - Published: 2024-03-14 23:00 - Updated: 2025-11-18 23:00Summary
VMware Tanzu Spring Framework: Schwachstelle ermöglicht Manipulation von Dateien
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das Spring Framework bietet ein Entwicklungsmodell für Java mit Infrastrukturunterstützung auf Anwendungsebene.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Framework ausnutzen, um Dateien zu manipulieren oder Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Tanzu Spring Framework <5.3.33
VMware Tanzu / Spring Framework
|
<5.3.33 | ||
|
Atlassian Bamboo <9.6.1 (LTS)
Atlassian / Bamboo
|
<9.6.1 (LTS) | ||
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
Atlassian Bamboo <9.2.13 (LTS)
Atlassian / Bamboo
|
<9.2.13 (LTS) | ||
|
Shibboleth Identity Provider <5.1.1
Shibboleth / Identity Provider
|
<5.1.1 | ||
|
Atlassian Bamboo <9.5.3
Atlassian / Bamboo
|
<9.5.3 | ||
|
VMware Tanzu Spring Framework <6.1.5
VMware Tanzu / Spring Framework
|
<6.1.5 | ||
|
VMware Tanzu Spring Framework <6.0.18
VMware Tanzu / Spring Framework
|
<6.0.18 | ||
|
Shibboleth Identity Provider <4.3.2
Shibboleth / Identity Provider
|
<4.3.2 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS | ||
|
HCL Commerce <9.1.17.0
HCL / Commerce
|
<9.1.17.0 | ||
|
Dell NetWorker <19.13
Dell / NetWorker
|
<19.13 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Spring Framework bietet ein Entwicklungsmodell f\u00fcr Java mit Infrastrukturunterst\u00fctzung auf Anwendungsebene.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Framework ausnutzen, um Dateien zu manipulieren oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0639 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0639.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0639 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0639"
},
{
"category": "external",
"summary": "Spring.io Security Advisory vom 2024-03-14",
"url": "https://spring.io/security/cve-2024-22259"
},
{
"category": "external",
"summary": "Spring.io Blog vom 2024-03-14",
"url": "https://spring.io/blog/2024/03/14/spring-framework-6-1-5-6-0-18-and-5-3-33-available-now-including-fixes-for"
},
{
"category": "external",
"summary": "Shibboleth Identity Provider Security Advisory",
"url": "https://shibboleth.net/community/advisories/secadv_20240320.txt"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin",
"url": "https://confluence.atlassian.com/security/security-bulletin-april-16-2024-1387857429.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - June 18 2024",
"url": "https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-130 vom 2024-07-02",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-130/index.html"
},
{
"category": "external",
"summary": "HCL Article KB0117576 vom 2024-12-04",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117576"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-258 vom 2025-06-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000338043/dsa-2025-258-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "VMware Tanzu Spring Framework: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:46.585+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-0639",
"initial_release_date": "2024-03-14T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-12-04T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.6.1 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.6.1 (LTS)",
"product_id": "T034229"
}
},
{
"category": "product_version",
"name": "9.6.1 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.6.1 (LTS)",
"product_id": "T034229-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.1_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.5.3",
"product": {
"name": "Atlassian Bamboo \u003c9.5.3",
"product_id": "T034230"
}
},
{
"category": "product_version",
"name": "9.5.3",
"product": {
"name": "Atlassian Bamboo 9.5.3",
"product_id": "T034230-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.5.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.13 (LTS)",
"product": {
"name": "Atlassian Bamboo \u003c9.2.13 (LTS)",
"product_id": "T034231"
}
},
{
"category": "product_version",
"name": "9.2.13 (LTS)",
"product": {
"name": "Atlassian Bamboo 9.2.13 (LTS)",
"product_id": "T034231-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c8.9.3",
"product": {
"name": "Atlassian Confluence Data Center \u003c8.9.3",
"product_id": "T035527"
}
},
{
"category": "product_version",
"name": "Data Center 8.9.3",
"product": {
"name": "Atlassian Confluence Data Center 8.9.3",
"product_id": "T035527-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__8.9.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.11 LTS",
"product": {
"name": "Atlassian Confluence \u003c8.5.11 LTS",
"product_id": "T035530"
}
},
{
"category": "product_version",
"name": "8.5.11 LTS",
"product": {
"name": "Atlassian Confluence 8.5.11 LTS",
"product_id": "T035530-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.11_lts"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.24 LTS",
"product": {
"name": "Atlassian Confluence \u003c7.19.24 LTS",
"product_id": "T035531"
}
},
{
"category": "product_version",
"name": "7.19.24 LTS",
"product": {
"name": "Atlassian Confluence 7.19.24 LTS",
"product_id": "T035531-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.24_lts"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.13",
"product": {
"name": "Dell NetWorker \u003c19.13",
"product_id": "T044954"
}
},
{
"category": "product_version",
"name": "19.13",
"product": {
"name": "Dell NetWorker 19.13",
"product_id": "T044954-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.13"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.1.17.0",
"product": {
"name": "HCL Commerce \u003c9.1.17.0",
"product_id": "T039584"
}
},
{
"category": "product_version",
"name": "9.1.17.0",
"product": {
"name": "HCL Commerce 9.1.17.0",
"product_id": "T039584-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.1.17.0"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.1.1",
"product": {
"name": "Shibboleth Identity Provider \u003c5.1.1",
"product_id": "T033582"
}
},
{
"category": "product_version",
"name": "5.1.1",
"product": {
"name": "Shibboleth Identity Provider 5.1.1",
"product_id": "T033582-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:shibboleth:identity_provider:5.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.3.2",
"product": {
"name": "Shibboleth Identity Provider \u003c4.3.2",
"product_id": "T033583"
}
},
{
"category": "product_version",
"name": "4.3.2",
"product": {
"name": "Shibboleth Identity Provider 4.3.2",
"product_id": "T033583-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:shibboleth:identity_provider:4.3.2"
}
}
}
],
"category": "product_name",
"name": "Identity Provider"
}
],
"category": "vendor",
"name": "Shibboleth"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.5",
"product": {
"name": "VMware Tanzu Spring Framework \u003c6.1.5",
"product_id": "T033497"
}
},
{
"category": "product_version",
"name": "6.1.5",
"product": {
"name": "VMware Tanzu Spring Framework 6.1.5",
"product_id": "T033497-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_framework:6.1.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.0.18",
"product": {
"name": "VMware Tanzu Spring Framework \u003c6.0.18",
"product_id": "T033498"
}
},
{
"category": "product_version",
"name": "6.0.18",
"product": {
"name": "VMware Tanzu Spring Framework 6.0.18",
"product_id": "T033498-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_framework:6.0.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.3.33",
"product": {
"name": "VMware Tanzu Spring Framework \u003c5.3.33",
"product_id": "T033499"
}
},
{
"category": "product_version",
"name": "5.3.33",
"product": {
"name": "VMware Tanzu Spring Framework 5.3.33",
"product_id": "T033499-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_framework:5.3.33"
}
}
}
],
"category": "product_name",
"name": "Spring Framework"
}
],
"category": "vendor",
"name": "VMware Tanzu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22259",
"product_status": {
"known_affected": [
"T033499",
"T034229",
"T035527",
"T034231",
"T033582",
"T034230",
"T033497",
"T033498",
"T033583",
"T035531",
"T017562",
"T035530",
"T039584",
"T044954",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-03-14T23:00:00.000+00:00",
"title": "CVE-2024-22259"
}
]
}
WID-SEC-W-2024-0869
Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2025-09-10 22:00Summary
Oracle Communications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Windows
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
23.2.0 | |
|
Oracle Communications 14.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:14.0.0.0.0
|
14.0.0.0.0 | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
23.3.0 | |
|
Oracle Communications 23.3.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.2
|
23.3.2 | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
9.0.0.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Communications 24.1.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0.0.0
|
24.1.0.0.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
23.2.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 23.3.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.1
|
23.3.1 | |
|
Oracle Communications 9.1.1.7.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.7.0
|
9.1.1.7.0 | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
5 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 22.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:22.4.0
|
22.4.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=9.0.2
Oracle / Communications
|
<=9.0.2 | ||
|
Oracle Communications <=7.2.1.0.0
Oracle / Communications
|
<=7.2.1.0.0 | ||
|
Oracle Communications <=23.4.2
Oracle / Communications
|
<=23.4.2 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0869 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0869 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1878"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04",
"url": "https://security.gentoo.org/glsa/202405-01"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7987"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15608 vom 2025-09-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-15608.html"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-10T22:00:00.000+00:00",
"generator": {
"date": "2025-09-11T08:26:12.211+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-0869",
"initial_release_date": "2024-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-09-10T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5",
"product": {
"name": "Oracle Communications 5.0",
"product_id": "T021645",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.0"
}
}
},
{
"category": "product_version",
"name": "22.4.0",
"product": {
"name": "Oracle Communications 22.4.0",
"product_id": "T024981",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:22.4.0"
}
}
},
{
"category": "product_version",
"name": "23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_version",
"name": "23.2.0",
"product": {
"name": "Oracle Communications 23.2.0",
"product_id": "T028682",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.0"
}
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_version",
"name": "23.2.2",
"product": {
"name": "Oracle Communications 23.2.2",
"product_id": "T030583",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.2"
}
}
},
{
"category": "product_version",
"name": "23.3.0",
"product": {
"name": "Oracle Communications 23.3.0",
"product_id": "T030586",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.0"
}
}
},
{
"category": "product_version",
"name": "9.0.0.0",
"product": {
"name": "Oracle Communications 9.0.0.0",
"product_id": "T030589",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=7.2.1.0.0",
"product": {
"name": "Oracle Communications \u003c=7.2.1.0.0",
"product_id": "T030593"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.2.1.0.0",
"product": {
"name": "Oracle Communications \u003c=7.2.1.0.0",
"product_id": "T030593-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.2",
"product": {
"name": "Oracle Communications \u003c=9.0.2",
"product_id": "T030595"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.2",
"product": {
"name": "Oracle Communications \u003c=9.0.2",
"product_id": "T030595-fixed"
}
},
{
"category": "product_version",
"name": "23.3.1",
"product": {
"name": "Oracle Communications 23.3.1",
"product_id": "T032088",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.1"
}
}
},
{
"category": "product_version",
"name": "23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_version",
"name": "23.4.1",
"product": {
"name": "Oracle Communications 23.4.1",
"product_id": "T034143",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.2",
"product": {
"name": "Oracle Communications \u003c=23.4.2",
"product_id": "T034144"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.2",
"product": {
"name": "Oracle Communications \u003c=23.4.2",
"product_id": "T034144-fixed"
}
},
{
"category": "product_version",
"name": "24.1.0",
"product": {
"name": "Oracle Communications 24.1.0",
"product_id": "T034145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0"
}
}
},
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "Oracle Communications 5.2",
"product_id": "T034146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0.0.0",
"product": {
"name": "Oracle Communications 24.1.0.0.0",
"product_id": "T034147",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.3.2",
"product": {
"name": "Oracle Communications 23.3.2",
"product_id": "T034148",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.2"
}
}
},
{
"category": "product_version",
"name": "14.0.0.0.0",
"product": {
"name": "Oracle Communications 14.0.0.0.0",
"product_id": "T034149",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:14.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "9.1.1.7.0",
"product": {
"name": "Oracle Communications 9.1.1.7.0",
"product_id": "T034150",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.1.7.0"
}
}
}
],
"category": "product_name",
"name": "Communications"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-40896",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-40896"
},
{
"cve": "CVE-2022-45688",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2023-2283",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-2283"
},
{
"cve": "CVE-2023-31122",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-33201",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-34053",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-34053"
},
{
"cve": "CVE-2023-34055",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-34055"
},
{
"cve": "CVE-2023-4016",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-41056",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-41056"
},
{
"cve": "CVE-2023-43496",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-43496"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45142",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-4641",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-4641"
},
{
"cve": "CVE-2023-46589",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-47100",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-47100"
},
{
"cve": "CVE-2023-4863",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-4863"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-49083",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-5072",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-51074",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-51074"
},
{
"cve": "CVE-2023-51257",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-51257"
},
{
"cve": "CVE-2023-51775",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-5341",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5341"
},
{
"cve": "CVE-2023-5363",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-6507",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-6507"
},
{
"cve": "CVE-2024-1635",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-1635"
},
{
"cve": "CVE-2024-21626",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21626"
},
{
"cve": "CVE-2024-22201",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22233",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22233"
},
{
"cve": "CVE-2024-22257",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22259",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-25062",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26130",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"T028682",
"T034149",
"T030586",
"T034148",
"T030589",
"67646",
"T034143",
"T015632",
"T012167",
"T004914",
"T034147",
"T034146",
"T030583",
"T034145",
"T032088",
"T034150",
"T021645",
"T032091",
"T027326",
"T024981",
"T028684"
],
"last_affected": [
"T030595",
"T030593",
"T034144"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
}
]
}
WID-SEC-W-2024-1313
Vulnerability from csaf_certbund - Published: 2024-06-06 22:00 - Updated: 2024-12-01 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Dateien zu manipulieren, um einen Denial-of-Service-Zustand erzuegen, um vertrauliche Informationen offenzulegen, um die Sicherheitsmaßnahmen zu umgehen und beliebigen Code auszuführen.
Betroffene Betriebssysteme: - Linux
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler betreffen das VMware Tanzu Spring Framework aufgrund eines offenen Redirects in UriComponentsBuilder. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Phising-Angriff durchzuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler betreffen das VMware Tanzu Spring Framework aufgrund eines offenen Redirects in UriComponentsBuilder. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Phising-Angriff durchzuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler betreffen das VMware Tanzu Spring Framework aufgrund eines offenen Redirects in UriComponentsBuilder. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Phising-Angriff durchzuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgemäßem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgemäßem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgemäßem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgemäßem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgemäßem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgemäßem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler bestehen in rhboot-Shim aufgrund eines Out-of-Bounds-Write und eines Heap-basierten Pufferüberlaufs. Ein Angreifer aus einem angrenzenden Netzwerk oder ein lokaler Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler bestehen in rhboot-Shim aufgrund eines Out-of-Bounds-Write und eines Heap-basierten Pufferüberlaufs. Ein Angreifer aus einem angrenzenden Netzwerk oder ein lokaler Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler besteht in rhboot-Shim aufgrund eines Out-of-Bound-Lesefehlers in der Funktion verify_buffer_sbat(). Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
In IBM QRadar SIEM existieren mehrere Schwachstellen in der SSSD-Komponente. Die GPO-Richtlinie für authentifizierte Benutzer wird nicht konsistent angewendet. Ein Angreifer aus einem angrenzenden Netzwerk kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen bzgl. Autorisierung zu umgehen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP8 IF03
IBM / QRadar SIEM
|
<7.5.0 UP8 IF03 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Dateien zu manipulieren, um einen Denial-of-Service-Zustand erzuegen, um vertrauliche Informationen offenzulegen, um die Sicherheitsma\u00dfnahmen zu umgehen und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1313 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1313.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1313 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1313"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-06-06",
"url": "https://www.ibm.com/support/pages/node/7156667"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-01T23:00:00.000+00:00",
"generator": {
"date": "2024-12-02T11:03:55.226+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1313",
"initial_release_date": "2024-06-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-01T23:00:00.000+00:00",
"number": "2",
"summary": "Korrektur Plattformauswahl"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP8 IF03",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP8 IF03",
"product_id": "T035249"
}
},
{
"category": "product_version",
"name": "7.5.0 UP8 IF03",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP8 IF03",
"product_id": "T035249-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up8_if03"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22243",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler betreffen das VMware Tanzu Spring Framework aufgrund eines offenen Redirects in UriComponentsBuilder. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Phising-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2024-22243"
},
{
"cve": "CVE-2024-22259",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler betreffen das VMware Tanzu Spring Framework aufgrund eines offenen Redirects in UriComponentsBuilder. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Phising-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler betreffen das VMware Tanzu Spring Framework aufgrund eines offenen Redirects in UriComponentsBuilder. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Phising-Angriff durchzuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2023-40546",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgem\u00e4\u00dfem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-40546"
},
{
"cve": "CVE-2023-40549",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgem\u00e4\u00dfem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-40549"
},
{
"cve": "CVE-2023-40551",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgem\u00e4\u00dfem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-40551"
},
{
"cve": "CVE-2023-4408",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgem\u00e4\u00dfem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-4408"
},
{
"cve": "CVE-2023-50387",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgem\u00e4\u00dfem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-50387"
},
{
"cve": "CVE-2023-50868",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in den Komponenten ISC BIND und rhboot shim. Diese bestehen aufgrund unsachgem\u00e4\u00dfem Parsing, Fehlern bei der Antwortverarbeitung, einer NULL-Zeiger-Dereferenz und einem Out-of-Bounds-Read-Fehler. Ein entfernter, anonymer oder ein lokaler, privilegierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-50868"
},
{
"cve": "CVE-2023-40547",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler bestehen in rhboot-Shim aufgrund eines Out-of-Bounds-Write und eines Heap-basierten Puffer\u00fcberlaufs. Ein Angreifer aus einem angrenzenden Netzwerk oder ein lokaler Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-40547"
},
{
"cve": "CVE-2023-40548",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler bestehen in rhboot-Shim aufgrund eines Out-of-Bounds-Write und eines Heap-basierten Puffer\u00fcberlaufs. Ein Angreifer aus einem angrenzenden Netzwerk oder ein lokaler Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-40548"
},
{
"cve": "CVE-2023-40550",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese Fehler besteht in rhboot-Shim aufgrund eines Out-of-Bound-Lesefehlers in der Funktion verify_buffer_sbat(). Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-40550"
},
{
"cve": "CVE-2023-3758",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen in der SSSD-Komponente. Die GPO-Richtlinie f\u00fcr authentifizierte Benutzer wird nicht konsistent angewendet. Ein Angreifer aus einem angrenzenden Netzwerk kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen bzgl. Autorisierung zu umgehen."
}
],
"product_status": {
"known_affected": [
"T035249"
]
},
"release_date": "2024-06-06T22:00:00.000+00:00",
"title": "CVE-2023-3758"
}
]
}
WID-SEC-W-2024-1637
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2025-03-05 23:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1637 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1637.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1637 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1637"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Fusion Middleware vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW"
},
{
"category": "external",
"summary": "PoC CVE-2024-21182 vom 2024-12-30",
"url": "https://github.com/k4it0k1d/CVE-2024-21182"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184867 vom 2025-03-05",
"url": "https://www.ibm.com/support/pages/node/7184867"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-05T23:00:00.000+00:00",
"generator": {
"date": "2025-03-06T09:18:07.394+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-1637",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-30T23:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2024-21182 erg\u00e4nzt"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5.5.8",
"product": {
"name": "IBM FileNet Content Manager 5.5.8",
"product_id": "1487483",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.8"
}
}
},
{
"category": "product_version",
"name": "5.5.12",
"product": {
"name": "IBM FileNet Content Manager 5.5.12",
"product_id": "T039291",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.12"
}
}
},
{
"category": "product_version",
"name": "5.6.0",
"product": {
"name": "IBM FileNet Content Manager 5.6.0",
"product_id": "T039292",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.6.0"
}
}
}
],
"category": "product_name",
"name": "FileNet Content Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "12.2.1.19.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.19.0",
"product_id": "T036225",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.19.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2020-1945",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2020-1945"
},
{
"cve": "CVE-2021-29425",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-45378",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-45378"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29081",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-29081"
},
{
"cve": "CVE-2023-2976",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-34034",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-36478",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2023-45853",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2023-46750",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-46750"
},
{
"cve": "CVE-2023-4759",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-5072",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-6129",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2024-0853",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-0853"
},
{
"cve": "CVE-2024-21133",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21133"
},
{
"cve": "CVE-2024-21175",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21175"
},
{
"cve": "CVE-2024-21181",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21181"
},
{
"cve": "CVE-2024-21182",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21182"
},
{
"cve": "CVE-2024-21183",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21183"
},
{
"cve": "CVE-2024-22201",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22243",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22243"
},
{
"cve": "CVE-2024-22259",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-22262",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-25062",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-29025",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29857",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29857"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…