CVE-2025-4949 (GCVE-0-2025-4949)
Vulnerability from cvelistv5 – Published: 2025-05-21 06:47 – Updated: 2025-10-14 06:30
Title
XXE vulnerability in Eclipse JGit
Summary
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows storing git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://projects.eclipse.org/projects/technology.… | release-notes |
| https://projects.eclipse.org/projects/technology.… | release-notes |
| https://projects.eclipse.org/projects/technology.… | release-notes |
| https://projects.eclipse.org/projects/technology.… | release-notes |
| https://gitlab.eclipse.org/security/vulnerability… | issue-tracking |
| https://gitlab.eclipse.org/security/cve-assigneme… | issue-tracking |
| https://projects.eclipse.org/projects/technology.… | release-notes |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Eclipse JGit | Eclipse JGit | Affected: 7.2.0, < 7.2.1.202505142326-r (osgi); Affected: 7.1.0, < 7.1.1.202505221757-r (osgi); Affected: 7.0.0, < 7.0.1.202505221510-r (osgi); Affected: 0, < 5.13.4.202507202350-r (osgi); Affected: 6.0.0, < 6.10.1.202505221210-r (osgi) |
Credits
Simon Gerst (intrigus-lgtm) https://intrigus.org
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4949",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T10:22:48.944398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T10:24:58.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://projects.eclipse.org",
"defaultStatus": "unaffected",
"product": "Eclipse JGit",
"repo": "https://github.com/eclipse-jgit/jgit",
"vendor": "Eclipse JGit",
"versions": [
{
"lessThan": "7.2.1.202505142326-r",
"status": "affected",
"version": "7.2.0",
"versionType": "osgi"
},
{
"lessThan": "7.1.1.202505221757-r",
"status": "affected",
"version": "7.1.0",
"versionType": "osgi"
},
{
"lessThan": "7.0.1.202505221510-r",
"status": "affected",
"version": "7.0.0",
"versionType": "osgi"
},
{
"lessThan": "5.13.4.202507202350-r",
"status": "affected",
"version": "0",
"versionType": "osgi"
},
{
"lessThan": "6.10.1.202505221210-r",
"status": "affected",
"version": "6.0.0",
"versionType": "osgi"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.eclipse.jgit/org.eclipse.jgit",
"product": "Eclipse JGit",
"repo": "https://github.com/eclipse-jgit/jgit",
"vendor": "Eclipse JGit",
"versions": [
{
"lessThan": "7.2.1.202505142326-r",
"status": "affected",
"version": "7.2.0",
"versionType": "osgi"
},
{
"lessThan": "7.1.1.202505221757-r",
"status": "affected",
"version": "7.1.0",
"versionType": "osgi"
},
{
"lessThan": "7.0.1.202505221510-r",
"status": "affected",
"version": "7.0.0",
"versionType": "osgi"
},
{
"lessThan": "5.13.4.202507202350-r",
"status": "affected",
"version": "0",
"versionType": "osgi"
},
{
"lessThan": "6.10.1.202505221210-r",
"status": "affected",
"version": "6.0.0",
"versionType": "osgi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simon Gerst (intrigus-lgtm) https://intrigus.org"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the \u003ccode\u003eManifestParser\u003c/code\u003e class used by the \u003ccode\u003erepo\u003c/code\u003e command and the \u003ccode\u003eAmazonS3\u003c/code\u003e class used to implement the experimental \u003ccode\u003eamazons3\u003c/code\u003e git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues."
}
],
"value": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 Serialized Data External Linking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-827",
"description": "CWE-827 Improper Control of Document Type Definition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T06:30:04.660Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XXE vulnerability in Eclipse JGit",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-4949",
"datePublished": "2025-05-21T06:47:19.777Z",
"dateReserved": "2025-05-19T07:02:22.381Z",
"dateUpdated": "2025-10-14T06:30:04.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-4949",
"date": "2026-07-03",
"epss": "0.0104",
"percentile": "0.59797"
},
"vulnrichment": {
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2025-2160
Vulnerability from csaf_certbund - Published: 2025-09-29 22:00 - Updated: 2025-10-14 22:00
Summary
IBM App Connect Enterprise: Vulnerability allows information disclosure, denial of service, and an unspecified attack
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: IBM App Connect Enterprise combines the industry-proven technologies of IBM Integration Bus with cloud-native technologies.
Attack: A remote, anonymous attacker can exploit a vulnerability in IBM App Connect Enterprise to disclose information, to carry out a denial-of-service attack, and to carry out an unspecified attack.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Integration Apache Camel <4.10.7 for Spring Boot (Red Hat / Integration) | | Apache Camel <4.10.7 for Spring Boot | |
| IBM App Connect Enterprise <13.0.5.0 (IBM / App Connect Enterprise) | | <13.0.5.0 | |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, und um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2160 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2160.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2160 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2160"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-29",
"url": "https://www.ibm.com/support/pages/node/7246566"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18028 vom 2025-10-14",
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Schwachstelle erm\u00f6glicht Offenlegung von Informationen, Denial of Service, und einen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2025-10-14T22:00:00.000+00:00",
"generator": {
"date": "2025-10-15T05:30:35.602+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2160",
"initial_release_date": "2025-09-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.5.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.5.0",
"product_id": "T047259"
}
},
{
"category": "product_version",
"name": "13.0.5.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.5.0",
"product_id": "T047259-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.5.0"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Apache Camel \u003c4.10.7 for Spring Boot",
"product": {
"name": "Red Hat Integration Apache Camel \u003c4.10.7 for Spring Boot",
"product_id": "T047637"
}
},
{
"category": "product_version",
"name": "Apache Camel 4.10.7 for Spring Boot",
"product": {
"name": "Red Hat Integration Apache Camel 4.10.7 for Spring Boot",
"product_id": "T047637-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:apache_camel__4.10.7_for_spring_boot"
}
}
}
],
"category": "product_name",
"name": "Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"product_status": {
"known_affected": [
"T047637",
"T047259"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-4949"
}
]
}
WID-SEC-W-2025-2352
Vulnerability from csaf_certbund - Published: 2025-10-21 22:00 - Updated: 2025-10-22 22:00
Summary
Oracle Database Server: Multiple vulnerabilities
Severity
Medium
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Oracle Database is a widely used relational database system.
Attack: A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Oracle Database Server to compromise confidentiality, integrity and availability.
Affected operating systems:
- Linux
- Other
- Windows
Affected products
Last affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Database Server <=23.9 (Oracle / Database Server) | | <=23.9 | |
| Oracle Database Server <=19.28 (Oracle / Database Server) | | <=19.28 | |
| Oracle Database Server <=21.19 (Oracle / Database Server) | | <=21.19 | |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2352 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2352.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2352 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2352"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Database Server vom 2025-10-21",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixDB"
}
],
"source_lang": "en-US",
"title": "Oracle Database Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-22T22:00:00.000+00:00",
"generator": {
"date": "2025-10-23T08:39:07.546+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2352",
"initial_release_date": "2025-10-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-35283, EUVD-2025-35245, EUVD-2025-35260, EUVD-2025-35287"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=21.19",
"product": {
"name": "Oracle Database Server \u003c=21.19",
"product_id": "T047950"
}
},
{
"category": "product_version_range",
"name": "\u003c=21.19",
"product": {
"name": "Oracle Database Server \u003c=21.19",
"product_id": "T047950-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.9",
"product": {
"name": "Oracle Database Server \u003c=23.9",
"product_id": "T047951"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.9",
"product": {
"name": "Oracle Database Server \u003c=23.9",
"product_id": "T047951-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=19.28",
"product": {
"name": "Oracle Database Server \u003c=19.28",
"product_id": "T047952"
}
},
{
"category": "product_version_range",
"name": "\u003c=19.28",
"product": {
"name": "Oracle Database Server \u003c=19.28",
"product_id": "T047952-fixed"
}
}
],
"category": "product_name",
"name": "Database Server"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4517",
"product_status": {
"last_affected": [
"T047951",
"T047952",
"T047950"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4949",
"product_status": {
"last_affected": [
"T047951",
"T047952",
"T047950"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-53047",
"product_status": {
"last_affected": [
"T047951",
"T047952",
"T047950"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-53047"
},
{
"cve": "CVE-2025-53051",
"product_status": {
"last_affected": [
"T047951",
"T047952",
"T047950"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-53051"
},
{
"cve": "CVE-2025-61749",
"product_status": {
"last_affected": [
"T047951",
"T047952",
"T047950"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-61749"
},
{
"cve": "CVE-2025-61881",
"product_status": {
"last_affected": [
"T047951",
"T047952",
"T047950"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-61881"
}
]
}
WID-SEC-W-2025-2686
Vulnerability from csaf_certbund - Published: 2025-11-26 23:00 - Updated: 2026-03-29 22:00
Summary
Red Hat JBoss Enterprise Application Platform (Eclipse JGit): Vulnerability allows denial of service
Severity
Medium
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: JBoss Enterprise Application Platform is a scalable platform for Java applications, including JBoss Application Server, JBoss Hibernate and JBoss Seam.
Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.
Attack: A remote, authenticated attacker can exploit a vulnerability in Red Hat JBoss Enterprise Application Platform and Red Hat Enterprise Linux to carry out a denial-of-service attack.
Affected operating systems:
- Other
- UNIX
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Red Hat Enterprise Linux 9 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:9 | 9 | |
| Red Hat Enterprise Linux 8 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:8 | 8 | |
| Red Hat JBoss Enterprise Application Platform <8.1.2 (Red Hat / JBoss Enterprise Application Platform) | | <8.1.2 | |
| Red Hat JBoss Enterprise Application Platform <7.4.24 (Red Hat / JBoss Enterprise Application Platform) | | <7.4.24 | |
References
13 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform und Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2686 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2686.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2686 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2686"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-11-26",
"url": "https://access.redhat.com/errata/RHSA-2025:22187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-11-26",
"url": "https://access.redhat.com/errata/RHSA-2025:22188"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-11-26",
"url": "https://access.redhat.com/errata/RHSA-2025:22189"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22775 vom 2025-12-04",
"url": "https://access.redhat.com/errata/RHSA-2025:22775"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22773 vom 2025-12-04",
"url": "https://access.redhat.com/errata/RHSA-2025:22773"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22777 vom 2025-12-04",
"url": "https://access.redhat.com/errata/RHSA-2025:22777"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4924 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4915 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4917 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4916 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6011 vom 2026-03-30",
"url": "https://access.redhat.com/errata/RHSA-2026:6011"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform (Eclipse JGit): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-03-29T22:00:00.000+00:00",
"generator": {
"date": "2026-03-30T11:01:43.196+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2686",
"initial_release_date": "2025-11-26T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-26T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T048926",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T048927",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.2",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c8.1.2",
"product_id": "T048925"
}
},
{
"category": "product_version",
"name": "8.1.2",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8.1.2",
"product_id": "T048925-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.24",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.24",
"product_id": "T051882"
}
},
{
"category": "product_version",
"name": "7.4.24",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.24",
"product_id": "T051882-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.24"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"product_status": {
"known_affected": [
"67646",
"T048927",
"T048926",
"T048925",
"T051882"
]
},
"release_date": "2025-11-26T23:00:00.000+00:00",
"title": "CVE-2025-4949"
}
]
}
WID-SEC-W-2026-0162
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-20 23:00
Summary
Oracle Fusion Middleware: Multiple vulnerabilities
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Oracle Fusion Middleware bundles several products for building, operating and managing intelligent business applications.
Attack: A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Oracle Fusion Middleware to compromise confidentiality, integrity and availability.
Affected operating systems:
- Linux
- UNIX
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle Fusion Middleware 14.1.2.1.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:14.1.2.1.0 | 14.1.2.1.0 | |
| Oracle Fusion Middleware 8.5.8 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:8.5.8 | 8.5.8 | |
| Oracle Fusion Middleware 14.1.2.0.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:14.1.2.0.0 | 14.1.2.0.0 | |
| Oracle Fusion Middleware 12.2.1.4.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:12.2.1.4.0 | 12.2.1.4.0 | |
| Oracle Fusion Middleware 15.1.1.0.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:15.1.1.0.0 | 15.1.1.0.0 | |
| Oracle Fusion Middleware 8.5.7 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:8.5.7 | 8.5.7 | |
| Oracle Fusion Middleware 14.1.1.0.0 (Oracle / Fusion Middleware) | cpe:/a:oracle:fusion_middleware:14.1.1.0.0 | 14.1.1.0.0 | |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 14.1.2.1.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.1.0
|
14.1.2.1.0 | |
|
Oracle Fusion Middleware 8.5.8
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.8
|
8.5.8 | |
|
Oracle Fusion Middleware 14.1.2.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.2.0.0
|
14.1.2.0.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 15.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:15.1.1.0.0
|
15.1.1.0.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0162 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0162.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0162 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0162"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle Fusion Middleware vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-20T23:00:00.000+00:00",
"generator": {
"date": "2026-01-21T08:54:09.162+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0162",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "14.1.2.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.0.0",
"product_id": "T040467",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
}
}
},
{
"category": "product_version",
"name": "14.1.2.1.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.2.1.0",
"product_id": "T047913",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.1.0"
}
}
},
{
"category": "product_version",
"name": "8.5.8",
"product": {
"name": "Oracle Fusion Middleware 8.5.8",
"product_id": "T047914",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.8"
}
}
},
{
"category": "product_version",
"name": "15.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 15.1.1.0.0",
"product_id": "T050142",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:15.1.1.0.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-12383",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-4949",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-49796",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-5115",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-53864",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"product_status": {
"known_affected": [
"T047913",
"T047914",
"T040467",
"751674",
"T050142",
"T034057",
"829576"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21962"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.