CVE-2025-41242 (GCVE-0-2025-41242)
Vulnerability from cvelistv5 – Published: 2025-08-18 08:47 – Updated: 2025-08-25 18:14
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Vendor | Product | Version |
|---|---|---|
| VMware | Spring Framework | Affected: 6.2.x, < 6.2.10 (OSS); Affected: 6.1.x, < 6.1.22 (commercial); Affected: 5.3.x, < 5.3.44 (commercial) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T11:20:32.641979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:14:59.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Spring Framework",
"product": "Spring Framework",
"vendor": "VMware",
"versions": [
{
"lessThan": "6.2.10",
"status": "affected",
"version": "6.2.x",
"versionType": "OSS"
},
{
"lessThan": "6.1.22",
"status": "affected",
"version": "6.1.x",
"versionType": "commercial"
},
{
"lessThan": "5.3.44",
"status": "affected",
"version": "5.3.x",
"versionType": "commercial"
}
]
}
],
"datePublic": "2025-08-14T20:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpring Framework MVC applications can be vulnerable to a \u201cPath Traversal Vulnerability\u201d when deployed on a non-compliant Servlet container.\u003c/p\u003e\u003cp\u003eAn application can be vulnerable when all the following are true:\u003c/p\u003e\u003cul\u003e\u003cli\u003ethe application is deployed as a WAR or with an embedded Servlet container\u003c/li\u003e\u003cli\u003ethe Servlet container \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization\"\u003edoes not reject suspicious sequences\u003c/a\u003e\u003c/li\u003e\u003cli\u003ethe application \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title\"\u003eserves static resources\u003c/a\u003e\u0026nbsp;with Spring resource handling\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eWe have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Spring Framework MVC applications can be vulnerable to a \u201cPath Traversal Vulnerability\u201d when deployed on a non-compliant Servlet container.\n\nAn application can be vulnerable when all the following are true:\n\n * the application is deployed as a WAR or with an embedded Servlet container\n * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization \n * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title \u00a0with Spring resource handling\n\n\nWe have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T08:47:07.427Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://spring.io/security/cve-2025-41242"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41242",
"datePublished": "2025-08-18T08:47:07.427Z",
"dateReserved": "2025-04-16T09:30:17.799Z",
"dateUpdated": "2025-08-25T18:14:59.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-41242",
"date": "2026-06-22",
"epss": "0.01916",
"percentile": "0.77191"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-41242\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-08-18T09:15:28.637\",\"lastModified\":\"2025-08-25T19:15:29.667\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Framework MVC applications can be vulnerable to a \u201cPath Traversal Vulnerability\u201d when deployed on a non-compliant Servlet container.\\n\\nAn application can be vulnerable when all the following are true:\\n\\n * the application is deployed as a WAR or with an embedded Servlet container\\n * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization \\n * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title \u00a0with Spring resource handling\\n\\n\\nWe have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.\"},{\"lang\":\"es\",\"value\":\"Las aplicaciones Spring Framework MVC pueden ser vulnerables a una \\\"Vulnerabilidad de Path Traversal\\\" cuando se implementan en un contenedor de Servlet no compatible. 
Una aplicaci\u00f3n puede ser vulnerable cuando se cumplen todas las siguientes condiciones: * la aplicaci\u00f3n se implementa como un WAR o con un contenedor de Servlet integrado * el contenedor de Servlet no rechaza secuencias sospechosas https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization * la aplicaci\u00f3n sirve recursos est\u00e1ticos https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title con el manejo de recursos de Spring Hemos verificado que las aplicaciones implementadas en Apache Tomcat o Eclipse Jetty no son vulnerables, siempre que las funciones de seguridad predeterminadas no est\u00e9n deshabilitadas en la configuraci\u00f3n. Dado que no podemos comprobar los exploits en todos los contenedores de Servlet y variantes de configuraci\u00f3n, recomendamos encarecidamente actualizar su aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"http://spring.io/security/cve-2025-41242\",\"source\":\"security@vmware.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41242\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-18T11:20:32.641979Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-18T11:20:36.420Z\"}}], \"cna\": {\"title\": \"CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"Spring Framework\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.2.x\", \"lessThan\": \"6.2.10\", \"versionType\": \"OSS\"}, {\"status\": \"affected\", \"version\": \"6.1.x\", \"lessThan\": \"6.1.22\", \"versionType\": \"commercial\"}, {\"status\": \"affected\", \"version\": \"5.3.x\", \"lessThan\": \"5.3.44\", \"versionType\": \"commercial\"}], \"packageName\": \"Spring Framework\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-08-14T20:41:00.000Z\", \"references\": [{\"url\": 
\"http://spring.io/security/cve-2025-41242\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Spring Framework MVC applications can be vulnerable to a \\u201cPath Traversal Vulnerability\\u201d when deployed on a non-compliant Servlet container.\\n\\nAn application can be vulnerable when all the following are true:\\n\\n * the application is deployed as a WAR or with an embedded Servlet container\\n * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization \\n * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title \\u00a0with Spring resource handling\\n\\n\\nWe have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSpring Framework MVC applications can be vulnerable to a \\u201cPath Traversal Vulnerability\\u201d when deployed on a non-compliant Servlet container.\u003c/p\u003e\u003cp\u003eAn application can be vulnerable when all the following are true:\u003c/p\u003e\u003cul\u003e\u003cli\u003ethe application is deployed as a WAR or with an embedded Servlet container\u003c/li\u003e\u003cli\u003ethe Servlet container \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization\\\"\u003edoes not reject suspicious sequences\u003c/a\u003e\u003c/li\u003e\u003cli\u003ethe application \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" 
href=\\\"https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title\\\"\u003eserves static resources\u003c/a\u003e\u0026nbsp;with Spring resource handling\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eWe have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-08-18T08:47:07.427Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-41242\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-25T18:14:59.837Z\", \"dateReserved\": \"2025-04-16T09:30:17.799Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-08-18T08:47:07.427Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
NCSC-2026-0126
Vulnerability from csaf_ncscnl - Published: 2026-04-22 12:56 - Updated: 2026-04-22 12:56
A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
A vulnerability in Oracle E-Business Suite's ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle / Oracle Advanced Inbound Telephony, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Advanced Supply Chain Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Applications DBA, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Enterprise Command Center Framework, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Flow Manufacturing, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Global Order Promising, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle HCM Common Architecture, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Rapid Planning, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle Yard Management, `vers:unknown/*` | `vers:unknown/*` | | |
| Oracle / Oracle iProcurement, `vers:unknown/*` | `vers:unknown/*` | | |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning en Oracle Flow Manufacturing. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.\n\n",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle E-Business Suite",
"tracking": {
"current_release_date": "2026-04-22T12:56:26.266249Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0126",
"initial_release_date": "2026-04-22T12:56:26.266249Z",
"revision_history": [
{
"date": "2026-04-22T12:56:26.266249Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Advanced Inbound Telephony"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Advanced Supply Chain Planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Applications DBA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Command Center Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Flow Manufacturing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Global Order Promising"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle HCM Common Architecture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Rapid Planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Yard Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle iProcurement"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-34275",
"notes": [
{
"category": "description",
"text": "A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34275 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34275.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34275"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2025-48734",
"notes": [
{
"category": "description",
"text": "Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2026-22011",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite\u0027s ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-22011"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "description",
"text": "Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2026-34297",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34297 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34297.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34297"
},
{
"cve": "CVE-2026-34274",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34274 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34274.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34274"
},
{
"cve": "CVE-2025-41242",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41242 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41242.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2026-34302",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34302"
},
{
"cve": "CVE-2025-31672",
"notes": [
{
"category": "description",
"text": "Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-34298",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34298 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34298.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34298"
},
{
"cve": "CVE-2026-22014",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-22014"
}
]
}
WID-SEC-W-2025-1832
Vulnerability from csaf_certbund - Published: 2025-08-13 22:00 - Updated: 2026-03-23 23:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| SAS Institute Base SAS <9.4M9 (TS1M9); SAS Institute / Base SAS | | <9.4M9 (TS1M9) | |
| HCL Commerce <25.09.17.0; HCL / Commerce | | <25.09.17.0 | |
| Dell Secure Connect Gateway <5.34.00.16; Dell / Secure Connect Gateway | | <5.34.00.16 | |
| NetApp ActiveIQ Unified Manager for Linux; NetApp / ActiveIQ Unified Manager | cpe:/a:netapp:active_iq_unified_manager:for_linux | for Linux | |
| IBM Business Automation Workflow; IBM | cpe:/a:ibm:business_automation_workflow:- | — | |
| Open Source Camunda <7.22.8; Open Source / Camunda | | <7.22.8 | |
| RealObjects PDFreactor <12.3; RealObjects / PDFreactor | | <12.3 | |
| Open Source Camunda <7.21.13; Open Source / Camunda | | <7.21.13 | |
| IBM Sterling Connect:Direct; IBM | cpe:/a:ibm:sterling_connect%3adirect:- | — | |
| NetApp ActiveIQ Unified Manager for Microsoft Windows; NetApp / ActiveIQ Unified Manager | cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows | for Microsoft Windows | |
| IBM Operational Decision Manager; IBM | cpe:/a:ibm:operational_decision_manager:- | — | |
| Open Source Camunda <7.23.5; Open Source / Camunda | | <7.23.5 | |
| VMware Tanzu Spring Framework <6.2.10; VMware Tanzu / Spring Framework | | <6.2.10 | |
| Dell Secure Connect Gateway Appliance <5.32.00.18; Dell / Secure Connect Gateway | | Appliance <5.32.00.18 | |

{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Spring Framework bietet ein Entwicklungsmodell f\u00fcr Java mit Infrastrukturunterst\u00fctzung auf Anwendungsebene.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Framework ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1832 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1832.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1832 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1832"
},
{
"category": "external",
"summary": "Spring Framework 6.2.10 release vom 2025-08-13",
"url": "https://spring.io/blog/2025/08/14/spring-framework-6-2-10-release-fixes-cve-2025-41242"
},
{
"category": "external",
"summary": "Spring Security Advisory vom 2025-08-13",
"url": "https://spring.io/security/cve-2025-41242"
},
{
"category": "external",
"summary": "Camunda Security Notices",
"url": "https://docs.camunda.org/security/notices/#notice-145"
},
{
"category": "external",
"summary": "PDFreactor Release Notes vom 2025-09-05",
"url": "https://www.pdfreactor.com/pdfreactor-12-3-now-available/"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20250912-0002 vom 2025-09-12",
"url": "https://security.netapp.com/advisory/NTAP-20250912-0002"
},
{
"category": "external",
"summary": "SAS Security Update vom 2025-10-02",
"url": "https://support.sas.com/en/security-bulletins/sas-security-update-for-sas-94m9-ts1m9.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7247286 vom 2025-10-07",
"url": "https://www.ibm.com/support/pages/node/7247286"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-10-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124532"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/000385230"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250260 vom 2025-11-06",
"url": "https://www.ibm.com/support/pages/node/7250260"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7258317 vom 2026-01-29",
"url": "https://www.ibm.com/support/pages/node/7258317"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "VMware Tanzu Spring Framework: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2026-03-23T23:00:00.000+00:00",
"generator": {
"date": "2026-03-24T10:01:14.090+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1832",
"initial_release_date": "2025-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-18T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: 2389237, EUVD-2025-25122"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-09-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-10-06T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-05T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Appliance \u003c5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
"product_id": "T048301"
}
},
{
"category": "product_version",
"name": "Appliance 5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
"product_id": "T048301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c25.09.17.0",
"product": {
"name": "HCL Commerce \u003c25.09.17.0",
"product_id": "T047719"
}
},
{
"category": "product_version",
"name": "25.09.17.0",
"product": {
"name": "HCL Commerce 25.09.17.0",
"product_id": "T047719-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:25.09.17.0"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T043411",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"category": "product_name",
"name": "IBM Operational Decision Manager",
"product": {
"name": "IBM Operational Decision Manager",
"product_id": "T005180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:-"
}
}
},
{
"category": "product_name",
"name": "IBM Sterling Connect:Direct",
"product": {
"name": "IBM Sterling Connect:Direct",
"product_id": "T045428",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for Linux",
"product": {
"name": "NetApp ActiveIQ Unified Manager for Linux",
"product_id": "T023548",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_linux"
}
}
},
{
"category": "product_version",
"name": "for Microsoft Windows",
"product": {
"name": "NetApp ActiveIQ Unified Manager for Microsoft Windows",
"product_id": "T025631",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
}
}
}
],
"category": "product_name",
"name": "ActiveIQ Unified Manager"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.23.5",
"product": {
"name": "Open Source Camunda \u003c7.23.5",
"product_id": "T046632"
}
},
{
"category": "product_version",
"name": "7.23.5",
"product": {
"name": "Open Source Camunda 7.23.5",
"product_id": "T046632-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.23.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.22.8",
"product": {
"name": "Open Source Camunda \u003c7.22.8",
"product_id": "T046633"
}
},
{
"category": "product_version",
"name": "7.22.8",
"product": {
"name": "Open Source Camunda 7.22.8",
"product_id": "T046633-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.22.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.21.13",
"product": {
"name": "Open Source Camunda \u003c7.21.13",
"product_id": "T046634"
}
},
{
"category": "product_version",
"name": "7.21.13",
"product": {
"name": "Open Source Camunda 7.21.13",
"product_id": "T046634-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.21.13"
}
}
}
],
"category": "product_name",
"name": "Camunda"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.3",
"product": {
"name": "RealObjects PDFreactor \u003c12.3",
"product_id": "T046765"
}
},
{
"category": "product_version",
"name": "12.3",
"product": {
"name": "RealObjects PDFreactor 12.3",
"product_id": "T046765-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.3"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4M9 (TS1M9)",
"product": {
"name": "SAS Institute Base SAS \u003c9.4M9 (TS1M9)",
"product_id": "T047382"
}
},
{
"category": "product_version",
"name": "9.4M9 (TS1M9)",
"product": {
"name": "SAS Institute Base SAS 9.4M9 (TS1M9)",
"product_id": "T047382-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:sas:base_sas:9.4m9_%28ts1m9%29"
}
}
}
],
"category": "product_name",
"name": "Base SAS"
}
],
"category": "vendor",
"name": "SAS Institute"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.10",
"product": {
"name": "VMware Tanzu Spring Framework \u003c6.2.10",
"product_id": "T046245"
}
},
{
"category": "product_version",
"name": "6.2.10",
"product": {
"name": "VMware Tanzu Spring Framework 6.2.10",
"product_id": "T046245-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_framework:6.2.10"
}
}
}
],
"category": "product_name",
"name": "Spring Framework"
}
],
"category": "vendor",
"name": "VMware Tanzu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41242",
"product_status": {
"known_affected": [
"T047382",
"T047719",
"T052048",
"T023548",
"T043411",
"T046633",
"T046765",
"T046634",
"T045428",
"T025631",
"T005180",
"T046632",
"T046245",
"T048301"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-41242"
}
]
}
WID-SEC-W-2026-0351
Vulnerability from csaf_certbund - Published: 2026-02-09 23:00 - Updated: 2026-02-09 23:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Dell NetWorker AUTHC <19.14; Dell / NetWorker | | AUTHC <19.14 | |
| Dell NetWorker vCenter User Interface <19.14; Dell / NetWorker | | vCenter User Interface <19.14 | |
| Dell NetWorker Management Web UI <19.14; Dell / NetWorker | | Management Web UI <19.14 | |
| Dell NetWorker Management Console <19.14; Dell / NetWorker | | Management Console <19.14 | |
| Dell NetWorker File-Level Recovery <19.14; Dell / NetWorker | | File-Level Recovery <19.14 | |
| Dell NetWorker REST API <19.14; Dell / NetWorker | | REST API <19.14 | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell NetWorker stellt zentralisiert Backup- und Recovery-Dienste bereit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell NetWorker ausnutzen, um Angriffe zu starten, die die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit von Systemen beeintr\u00e4chtigen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0351 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0351.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0351 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0351"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-023 vom 2026-02-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000425429/dsa-2026-023-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-024 vom 2026-02-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000425759/dsa-2026-024-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Dell NetWorker (Third Party Components): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-09T23:00:00.000+00:00",
"generator": {
"date": "2026-02-10T10:02:33.638+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0351",
"initial_release_date": "2026-02-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "AUTHC \u003c19.14",
"product": {
"name": "Dell NetWorker AUTHC \u003c19.14",
"product_id": "T050629"
}
},
{
"category": "product_version",
"name": "AUTHC 19.14",
"product": {
"name": "Dell NetWorker AUTHC 19.14",
"product_id": "T050629-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:authc__19.14"
}
}
},
{
"category": "product_version_range",
"name": "Management Console \u003c19.14",
"product": {
"name": "Dell NetWorker Management Console \u003c19.14",
"product_id": "T050630"
}
},
{
"category": "product_version",
"name": "Management Console 19.14",
"product": {
"name": "Dell NetWorker Management Console 19.14",
"product_id": "T050630-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:management_console__19.14"
}
}
},
{
"category": "product_version_range",
"name": "Management Web UI \u003c19.14",
"product": {
"name": "Dell NetWorker Management Web UI \u003c19.14",
"product_id": "T050631"
}
},
{
"category": "product_version",
"name": "Management Web UI 19.14",
"product": {
"name": "Dell NetWorker Management Web UI 19.14",
"product_id": "T050631-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:management_web_ui__19.14"
}
}
},
{
"category": "product_version_range",
"name": "REST API \u003c19.14",
"product": {
"name": "Dell NetWorker REST API \u003c19.14",
"product_id": "T050632"
}
},
{
"category": "product_version",
"name": "REST API 19.14",
"product": {
"name": "Dell NetWorker REST API 19.14",
"product_id": "T050632-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:rest_api__19.14"
}
}
},
{
"category": "product_version_range",
"name": "File-Level Recovery \u003c19.14",
"product": {
"name": "Dell NetWorker File-Level Recovery \u003c19.14",
"product_id": "T050633"
}
},
{
"category": "product_version",
"name": "File-Level Recovery 19.14",
"product": {
"name": "Dell NetWorker File-Level Recovery 19.14",
"product_id": "T050633-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:file-level_recovery__19.14"
}
}
},
{
"category": "product_version_range",
"name": "vCenter User Interface \u003c19.14",
"product": {
"name": "Dell NetWorker vCenter User Interface \u003c19.14",
"product_id": "T050634"
}
},
{
"category": "product_version",
"name": "vCenter User Interface 19.14",
"product": {
"name": "Dell NetWorker vCenter User Interface 19.14",
"product_id": "T050634-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vcenter_user_interface__19.14"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-5783",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2012-5783"
},
{
"cve": "CVE-2014-3577",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2014-3577"
},
{
"cve": "CVE-2015-5262",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2015-5262"
},
{
"cve": "CVE-2020-13956",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2023-35116",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2024-29736",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2024-29736"
},
{
"cve": "CVE-2024-32007",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2024-32007"
},
{
"cve": "CVE-2024-41172",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2024-41172"
},
{
"cve": "CVE-2025-11226",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-11226"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-22233",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-22233"
},
{
"cve": "CVE-2025-22235",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-22235"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-27820",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-27820"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-41234",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41234"
},
{
"cve": "CVE-2025-41242",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41254",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41254"
},
{
"cve": "CVE-2025-46392",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-46392"
},
{
"cve": "CVE-2025-48913",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48989",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-53864",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-7962",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8713",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8713"
},
{
"cve": "CVE-2025-8714",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8714"
},
{
"cve": "CVE-2025-8715",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8715"
},
{
"cve": "CVE-2025-8885",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8885"
}
]
}
WID-SEC-W-2026-0862
Vulnerability from csaf_certbund - Published: 2026-03-25 23:00 - Updated: 2026-03-25 23:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| RealObjects PDFreactor <12.5 (RealObjects / PDFreactor) | | <12.5 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PDFreactor ist eine Software zur Konvertierung von HTML-Dokumenten in PDF.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in RealObjects PDFreactor ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Daten zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0862 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0862.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0862 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0862"
},
{
"category": "external",
"summary": "PDFreactor 12.5 release notes vom 2026-03-25",
"url": "https://www.pdfreactor.com/pdfreactor-12-5/"
}
],
"source_lang": "en-US",
"title": "RealObjects PDFreactor: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-25T23:00:00.000+00:00",
"generator": {
"date": "2026-03-26T08:58:22.852+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0862",
"initial_release_date": "2026-03-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.5",
"product": {
"name": "RealObjects PDFreactor \u003c12.5",
"product_id": "T052143"
}
},
{
"category": "product_version",
"name": "12.5",
"product": {
"name": "RealObjects PDFreactor 12.5",
"product_id": "T052143-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.5"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11143",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2025-11143"
},
{
"cve": "CVE-2025-41242",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2025-48913",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2026-1605",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-1605"
},
{
"cve": "CVE-2026-21925",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"product_status": {
"known_affected": [
"T052143"
]
},
"release_date": "2026-03-25T23:00:00.000+00:00",
"title": "CVE-2026-21945"
}
]
}
WID-SEC-W-2026-1192
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-04-21 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle E-Business Suite 15.0 (Oracle / E-Business Suite) | cpe:/a:oracle:e-business_suite:15.0 | 15 | |
| Oracle E-Business Suite <=12.2.15 (Oracle / E-Business Suite) | | <=12.2.15 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle E-Business Suite ist eine Sammlung gesch\u00e4ftlicher Anwendungen f\u00fcr Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle E-Business Suite ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1192 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1192.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1192 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1192"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2026 - Appendix Oracle E-Business Suite vom 2026-04-21",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixEBS"
}
],
"source_lang": "en-US",
"title": "Oracle E-Business Suite: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-21T22:00:00.000+00:00",
"generator": {
"date": "2026-04-22T08:44:14.052+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1192",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=12.2.15",
"product": {
"name": "Oracle E-Business Suite \u003c=12.2.15",
"product_id": "CEE375D3-F263-4F58-A247-C4D17407F258"
}
},
{
"category": "product_version_range",
"name": "\u003c=12.2.15",
"product": {
"name": "Oracle E-Business Suite \u003c=12.2.15",
"product_id": "CEE375D3-F263-4F58-A247-C4D17407F258-fixed"
}
},
{
"category": "product_version",
"name": "15",
"product": {
"name": "Oracle E-Business Suite 15.0",
"product_id": "T053090",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:e-business_suite:15.0"
}
}
}
],
"category": "product_name",
"name": "E-Business Suite"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-51504",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41242",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-58057",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-68161",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-22011",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-22011"
},
{
"cve": "CVE-2026-22014",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-22014"
},
{
"cve": "CVE-2026-34274",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34274"
},
{
"cve": "CVE-2026-34275",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34275"
},
{
"cve": "CVE-2026-34297",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34297"
},
{
"cve": "CVE-2026-34298",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34298"
},
{
"cve": "CVE-2026-34302",
"product_status": {
"known_affected": [
"T053090"
],
"last_affected": [
"CEE375D3-F263-4F58-A247-C4D17407F258"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34302"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.