Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-26464 (GCVE-0-2023-26464)
Vulnerability from cvelistv5 – Published: 2023-03-10 13:38 – Updated: 2025-02-13 16:44
VLAI
EPSS
Title
Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
Summary
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/wkx6grrcjkh86crr4… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2023050… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Log4j |
Affected:
1.0.4 , < 2
(maven)
Unaffected: 2 , ≤ * (maven) |
|
| apache | log4j |
Affected:
1.0.4 , < 2.0
(custom)
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* |
Credits
Garrett Tucker of Red Hat
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:52.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "log4j",
"vendor": "apache",
"versions": [
{
"lessThan": "2.0",
"status": "affected",
"version": "1.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T16:39:52.195542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T16:40:55.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Apache Log4j",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "1.0.4",
"versionType": "maven"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "2",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Garrett Tucker of Red Hat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e** UNSUPPORTED WHEN ASSIGNED **\u003c/div\u003e\u003cdiv\u003eWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\u003c/div\u003e\u003cdiv\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T19:06:22.847Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-26464",
"datePublished": "2023-03-10T13:38:16.190Z",
"dateReserved": "2023-02-23T16:15:06.902Z",
"dateUpdated": "2025-02-13T16:44:55.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-26464",
"date": "2026-06-04",
"epss": "0.00125",
"percentile": "0.31277"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-26464\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-03-10T14:15:10.453\",\"lastModified\":\"2025-02-13T17:16:12.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"** UNSUPPORTED WHEN ASSIGNED **\\n\\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \\nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\\n\\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\\n\\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.4\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"CA680396-534B-4D0E-8F7F-F504B3E032A2\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230505-0008/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230505-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230505-0008/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:53:52.958Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-26464\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T16:39:52.195542Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"log4j\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.4\", \"lessThan\": \"2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T16:40:50.606Z\"}}], \"cna\": {\"title\": \"Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Garrett Tucker of Red Hat\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Log4j\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.4\", \"lessThan\": \"2\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"*\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230505-0008/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"** UNSUPPORTED WHEN ASSIGNED **\\n\\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \\nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\\n\\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\\n\\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e** UNSUPPORTED WHEN ASSIGNED **\u003c/div\u003e\u003cdiv\u003eWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \\nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\u003c/div\u003e\u003cdiv\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-05-05T19:06:22.847Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-26464\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:44:55.555Z\", \"dateReserved\": \"2023-02-23T16:15:06.902Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-03-10T13:38:16.190Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Уязвимость компонентов Chainsaw и SocketAppender программы для журналирования Java-программ Log4j, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонентов Chainsaw и SocketAppender программы для журналирования Java-программ Log4j связана с недостатками механизма десериализации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, АО «НТЦ ИТ РОСА», Apache Software Foundation, Google Inc
Software Name
Red Hat Enterprise Linux, Jboss Web Server, Debian GNU/Linux, Red Hat Software Collections, JBoss Enterprise Application Platform, JBoss Data Grid, OpenShift Application Runtimes, Red Hat Single Sign-On, Red Hat JBoss Data Virtualization, Jboss Fuse, A-MQ Clients, Data Grid, OpenShift Developer Tools and Services, РОСА ХРОМ (запись в едином реестре российских программ №1607), Migration Toolkit for Runtimes, Red Hat JBoss A-MQ Streams, Jboss Fuse Service Works, Red Hat OpenShift Dev Spaces, Log4j, JBoss EAP, Android Studio
Software Version
6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 5.0 (Jboss Web Server), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 7 (JBoss Enterprise Application Platform), 7 (JBoss Data Grid), - (OpenShift Application Runtimes), 7 (Red Hat Single Sign-On), 3 (Jboss Web Server), 6 (Red Hat JBoss Data Virtualization), 6 (Jboss Fuse), 2 (A-MQ Clients), 8 (Data Grid), 11 (Debian GNU/Linux), 7.4 for RHEL 8 (JBoss Enterprise Application Platform), 7.4 on RHEL 7 (JBoss Enterprise Application Platform), 9 (Red Hat Enterprise Linux), - (OpenShift Developer Tools and Services), 12.4 (РОСА ХРОМ), - (Migration Toolkit for Runtimes), - (Red Hat JBoss A-MQ Streams), 6 (Jboss Fuse Service Works), 7.4 for RHEL 9 (JBoss Enterprise Application Platform), - (Red Hat OpenShift Dev Spaces), от 1.0.4 до 2.0 (Log4j), 7.4.13 (JBoss EAP), 2025.2.3.9 (Android Studio)
Possible Mitigations
Использование рекомендаций:
Для Log4j:
https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-26464
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-26464
Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2024-2519
Reference
https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
https://security-tracker.debian.org/tracker/CVE-2023-26464
https://access.redhat.com/security/cve/CVE-2023-26464
https://abf.rosa.ru/advisories/ROSA-SA-2024-2519
CWE
CWE-502
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Apache Software Foundation, Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 5.0 (Jboss Web Server), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 7 (JBoss Enterprise Application Platform), 7 (JBoss Data Grid), - (OpenShift Application Runtimes), 7 (Red Hat Single Sign-On), 3 (Jboss Web Server), 6 (Red Hat JBoss Data Virtualization), 6 (Jboss Fuse), 2 (A-MQ Clients), 8 (Data Grid), 11 (Debian GNU/Linux), 7.4 for RHEL 8 (JBoss Enterprise Application Platform), 7.4 on RHEL 7 (JBoss Enterprise Application Platform), 9 (Red Hat Enterprise Linux), - (OpenShift Developer Tools and Services), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), - (Migration Toolkit for Runtimes), - (Red Hat JBoss A-MQ Streams), 6 (Jboss Fuse Service Works), 7.4 for RHEL 9 (JBoss Enterprise Application Platform), - (Red Hat OpenShift Dev Spaces), \u043e\u0442 1.0.4 \u0434\u043e 2.0 (Log4j), 7.4.13 (JBoss EAP), 2025.2.3.9 (Android Studio)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Log4j:\nhttps://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-26464\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-26464\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2519",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.03.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.10.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07207",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-26464",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Jboss Web Server, Debian GNU/Linux, Red Hat Software Collections, JBoss Enterprise Application Platform, JBoss Data Grid, OpenShift Application Runtimes, Red Hat Single Sign-On, Red Hat JBoss Data Virtualization, Jboss Fuse, A-MQ Clients, Data Grid, OpenShift Developer Tools and Services, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Migration Toolkit for Runtimes, Red Hat JBoss A-MQ Streams, Jboss Fuse Service Works, Red Hat OpenShift Dev Spaces, Log4j, JBoss EAP, Android Studio",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 9 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 Chainsaw \u0438 SocketAppender \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Java-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Log4j, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 Chainsaw \u0438 SocketAppender \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Java-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Log4j \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\nhttps://security-tracker.debian.org/tracker/CVE-2023-26464\nhttps://access.redhat.com/security/cve/CVE-2023-26464\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2519",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-502",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2024-AVI-0027
Vulnerability from certfr_avis - Published: 2024-01-11 - Updated: 2024-01-11
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPView versions versions antérieures à 9.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO | ||
| Juniper Networks | N/A | Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1 | ||
| Juniper Networks | Junos OS | Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à SSR-6.2.3-r2 | ||
| Juniper Networks | N/A | Security Director Insights versions antérieures à 23.1R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2024-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
},
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2023-38802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2024-21616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-1281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
},
{
"name": "CVE-2024-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2024-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2024-21607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2024-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2024-21604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-41222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-4254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
},
{
"name": "CVE-2024-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2024-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
},
{
"name": "CVE-2024-21597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2022-25265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2024-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-21612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2024-21603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2023-36842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2024-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2024-21601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
}
],
"initial_release_date": "2024-01-11T00:00:00",
"last_revision_date": "2024-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
}
]
}
CERTFR-2024-AVI-0419
Vulnerability from certfr_avis - Published: 2024-05-17 - Updated: 2024-05-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions antérieures à 4.1.16 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.6 avec le correctif de sécurité PH61189 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.16",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 avec le correctif de s\u00e9curit\u00e9 PH61189",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-31582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-25613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25613"
},
{
"name": "CVE-2023-41419",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41419"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2018-11770",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11770"
},
{
"name": "CVE-2018-11804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11804"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2018-17190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17190"
},
{
"name": "CVE-2023-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26145"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-31486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31486"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
}
],
"initial_release_date": "2024-05-17T00:00:00",
"last_revision_date": "2024-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150929 du 10 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150929"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152257 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152260 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152260"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7152258 du 15 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7152258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150844 du 10 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150844"
}
]
}
CERTFR-2026-AVI-0281
Vulnerability from certfr_avis - Published: 2026-03-12 - Updated: 2026-03-12
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk AppDynamics On-Premises Enterprise Console | Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x antérieures à 26.1.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.12 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.124 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.1 | ||
| Splunk | Splunk AppDynamics NodeJS Agent | Splunk AppDynamics NodeJS Agent versions 25.12.x antérieures à 25.12.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.4 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.10 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.17 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk AppDynamics Private Synthetic Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x ant\u00e9rieures \u00e0 26.1.1",
"product": {
"name": "Splunk AppDynamics On-Premises Enterprise Console",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.12",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.124",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics NodeJS Agent versions 25.12.x ant\u00e9rieures \u00e0 25.12.1",
"product": {
"name": "Splunk AppDynamics NodeJS Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.10",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.17",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.7",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2018-16864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16864"
},
{
"name": "CVE-2025-48073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48073"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-11219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11219"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1594"
},
{
"name": "CVE-2025-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3887"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-4574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4574"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12433"
},
{
"name": "CVE-2025-12444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12444"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2025-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11213"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-12036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12036"
},
{
"name": "CVE-2012-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0871"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2025-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0518"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-12438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12438"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2025-12435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12435"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2013-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4394"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2025-64183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64183"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-47808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47808"
},
{
"name": "CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2017-18078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18078"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2025-11207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11207"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2025-13223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13223"
},
{
"name": "CVE-2025-12431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12431"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2026-21226",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21226"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12445"
},
{
"name": "CVE-2025-12437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12437"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-69230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69230"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-0716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0716"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-12434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12434"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-12439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12439"
},
{
"name": "CVE-2018-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16865"
},
{
"name": "CVE-2025-14874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14874"
},
{
"name": "CVE-2020-17521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2025-48072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48072"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-12432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12432"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2026-20165",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20165"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-22919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22919"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-12443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12443"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-6602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6602"
},
{
"name": "CVE-2025-11215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11215"
},
{
"name": "CVE-2013-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4393"
},
{
"name": "CVE-2019-3842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
},
{
"name": "CVE-2025-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11205"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2025-11208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11208"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-8372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8372"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11756"
},
{
"name": "CVE-2025-59730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59730"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2025-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11212"
},
{
"name": "CVE-2025-12495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12495"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2025-12840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12840"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-11458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11458"
},
{
"name": "CVE-2020-1712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12429"
},
{
"name": "CVE-2026-20164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20164"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-11211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11211"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2025-47807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47807"
},
{
"name": "CVE-2025-47806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47806"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-64182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64182"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2023-6604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6604"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2017-9217",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9217"
},
{
"name": "CVE-2025-60753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
},
{
"name": "CVE-2025-64181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64181"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-12436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12436"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2013-4327",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4327"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-12446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12446"
},
{
"name": "CVE-2025-13228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13228"
},
{
"name": "CVE-2013-4391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4391"
},
{
"name": "CVE-2026-20166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20166"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-12441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12441"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-47183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47183"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-6601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6601"
},
{
"name": "CVE-2018-16888",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13224"
},
{
"name": "CVE-2025-13042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13042"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2025-11460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11460"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-13229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13229"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2025-12440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12440"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-11216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11216"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2018-1049",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1049"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-11210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11210"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-10256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10256"
},
{
"name": "CVE-2026-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20162"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-12839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12839"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2019-3844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3844"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2023-6605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6605"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2025-12430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12430"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-11206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11206"
},
{
"name": "CVE-2025-62408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62408"
},
{
"name": "CVE-2018-15686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-9951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9951"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2025-59729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59729"
},
{
"name": "CVE-2025-48071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48071"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2025-69224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69224"
},
{
"name": "CVE-2025-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2759"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2024-8373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8373"
},
{
"name": "CVE-2025-11209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11209"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21490"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-49501",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49501"
},
{
"name": "CVE-2019-3843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3843"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2026-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26981"
},
{
"name": "CVE-2025-12447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12447"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2013-4392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4392"
},
{
"name": "CVE-2025-48074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48074"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2016-7795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7795"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-12428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12428"
},
{
"name": "CVE-2026-20163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20163"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2026-03-12T00:00:00",
"last_revision_date": "2026-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0281",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0302",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0311",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0311"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0308",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0308"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0309",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0309"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0305",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0305"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0310",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0310"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0304",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0304"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0301",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0301"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0313",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0313"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0306",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0306"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0303",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0303"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0307",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0307"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0312",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0312"
}
]
}
Title
Apache Log4j资源管理错误漏洞
Description
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。
Apache Log4j存在资源管理错误漏洞,该漏洞源于对特制的哈希图或哈希表进行处理可能会耗尽虚拟机中的可用内存,攻击者可利用该漏洞在反序列化对象时导致拒绝服务。
Severity
高
Patch Name
Apache Log4j资源管理错误漏洞的补丁
Patch Description
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。
Apache Log4j存在资源管理错误漏洞,该漏洞源于对特制的哈希图或哈希表进行处理可能会耗尽虚拟机中的可用内存,攻击者可利用该漏洞在反序列化对象时导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-26464
Impacted products
| Name | Apache Log4j >=1.0.4,<2.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-26464",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
}
},
"description": "Apache Log4j\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eJava\u7684\u5f00\u6e90\u65e5\u5fd7\u8bb0\u5f55\u5de5\u5177\u3002\n\nApache Log4j\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7279\u5236\u7684\u54c8\u5e0c\u56fe\u6216\u54c8\u5e0c\u8868\u8fdb\u884c\u5904\u7406\u53ef\u80fd\u4f1a\u8017\u5c3d\u865a\u62df\u673a\u4e2d\u7684\u53ef\u7528\u5185\u5b58\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53cd\u5e8f\u5217\u5316\u5bf9\u8c61\u65f6\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-30858",
"openTime": "2023-04-27",
"patchDescription": "Apache Log4j\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u57fa\u4e8eJava\u7684\u5f00\u6e90\u65e5\u5fd7\u8bb0\u5f55\u5de5\u5177\u3002\r\n\r\nApache Log4j\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7279\u5236\u7684\u54c8\u5e0c\u56fe\u6216\u54c8\u5e0c\u8868\u8fdb\u884c\u5904\u7406\u53ef\u80fd\u4f1a\u8017\u5c3d\u865a\u62df\u673a\u4e2d\u7684\u53ef\u7528\u5185\u5b58\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53cd\u5e8f\u5217\u5316\u5bf9\u8c61\u65f6\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Log4j\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache Log4j \u003e=1.0.4\uff0c\u003c2.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"serverity": "\u9ad8",
"submitTime": "2023-03-14",
"title": "Apache Log4j\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}
FKIE_CVE-2023-26464
Vulnerability from fkie_nvd - Published: 2023-03-10 14:15 - Updated: 2025-02-13 17:16
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t | Mailing List | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20230505-0008/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230505-0008/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA680396-534B-4D0E-8F7F-F504B3E032A2",
"versionEndExcluding": "2.0",
"versionStartIncluding": "1.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"id": "CVE-2023-26464",
"lastModified": "2025-02-13T17:16:12.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-10T14:15:10.453",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-VP98-W2P3-MV35
Vulnerability from github – Published: 2023-03-10 15:30 – Updated: 2025-09-02 22:25
VLAI
Summary
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
Details
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.logging.log4j:log4j-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.4"
},
{
"fixed": "2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "log4j:log4j"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.4"
},
{
"fixed": "2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26464"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-10T23:48:32Z",
"nvd_published_at": "2023-03-10T14:15:00Z",
"severity": "HIGH"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-vp98-w2p3-mv35",
"modified": "2025-09-02T22:25:25Z",
"published": "2023-03-10T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/logging-log4j2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230505-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Log4j 1.x (EOL) allows Denial of Service (DoS)"
}
GSD-2023-26464
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-26464",
"id": "GSD-2023-26464",
"references": [
"https://www.suse.com/security/cve/CVE-2023-26464.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-26464"
],
"details": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n",
"id": "GSD-2023-26464",
"modified": "2023-12-13T01:20:54.176629Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2023-26464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Log4j",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown",
"versions": [
{
"lessThan": "2",
"status": "affected",
"version": "1.0.4",
"versionType": "maven"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "2",
"versionType": "maven"
}
]
}
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Garrett Tucker of Red Hat"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-502",
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230505-0008/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.0.4,2.0)",
"affected_versions": "All versions starting from 1.0.4 before 2.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2023-05-05",
"description": "** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"fixed_versions": [
"2.0"
],
"identifier": "CVE-2023-26464",
"identifiers": [
"CVE-2023-26464"
],
"not_impacted": "All versions starting from 2.0",
"package_slug": "maven/log4j/log4j",
"pubdate": "2023-03-10",
"solution": "Upgrade to version 2.0 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
],
"uuid": "bd6f4c28-58c8-426e-80d2-20bbee6534d7"
},
{
"affected_range": "[1.0.4,2.0)",
"affected_versions": "All versions starting from 1.0.4 before 2.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2023-05-05",
"description": "** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"fixed_versions": [
"2.0"
],
"identifier": "CVE-2023-26464",
"identifiers": [
"CVE-2023-26464",
"GHSA-vp98-w2p3-mv35"
],
"not_impacted": "All versions before 1.0.4, all versions starting from 2.0",
"package_slug": "maven/org.apache.logging.log4j/log4j-core",
"pubdate": "2023-03-10",
"solution": "Upgrade to version 2.0 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t",
"https://github.com/advisories/GHSA-vp98-w2p3-mv35"
],
"uuid": "efde2011-549d-4897-aaf3-e176cd8407c6"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0",
"versionStartIncluding": "1.0.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2023-26464"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
},
{
"name": "https://security.netapp.com/advisory/ntap-20230505-0008/",
"refsource": "MISC",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-05-05T20:15Z",
"publishedDate": "2023-03-10T14:15Z"
}
}
}
NCSC-2025-0128
Vulnerability from csaf_ncscnl - Published: 2025-04-16 15:01 - Updated: 2025-04-16 15:01Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder de Utilities Application Framework, WebLogic Server, en Fusion Middleware.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om toegang te krijgen tot kritieke gegevens, Denial-of-Service (DoS) te veroorzaken, en in sommige gevallen zelfs volledige controle over systemen te verkrijgen. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen of door gebruik te maken van onveilige configuraties in de getroffen producten.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-125: Out-of-bounds Read
CWE-404: Improper Resource Shutdown or Release
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-400: Uncontrolled Resource Consumption
CWE-502: Deserialization of Untrusted Data
CWE-674: Uncontrolled Recursion
CWE-611: Improper Restriction of XML External Entity Reference
CWE-787: Out-of-bounds Write
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-121: Stack-based Buffer Overflow
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20: Improper Input Validation
8.8 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
8.2 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.1 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
6.5 (Medium)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
8.1 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
References
22 references
| URL | Category |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2025.html | external |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2020… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2020… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder de Utilities Application Framework, WebLogic Server, en Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om toegang te krijgen tot kritieke gegevens, Denial-of-Service (DoS) te veroorzaken, en in sommige gevallen zelfs volledige controle over systemen te verkrijgen. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen of door gebruik te maken van onveilige configuraties in de getroffen producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2025-04-16T15:01:24.587426Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0128",
"initial_release_date": "2025-04-16T15:01:24.587426Z",
"revision_history": [
{
"date": "2025-04-16T15:01:24.587426Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2699078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Access Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2698989",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839864",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2698967",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839938",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2699074",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2698998",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2698997",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839896",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-1839897",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-1840030",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.5.7",
"product": {
"name": "vers:oracle/8.5.7",
"product_id": "CSAFPID-1839872",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1840014",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-1839982",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2699125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839988",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Fusion Middleware MapViewer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2698948",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle JDeveloper"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-2699057",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Forms Recognition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1840006",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2698985",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1840028",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2699064",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Business Activity Monitoring"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2699044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
}
],
"category": "product_family",
"name": "Oracle Fusion Middleware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1213401"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.3.0",
"product": {
"name": "vers:unknown/12.2.1.3.0",
"product_id": "CSAFPID-1536644"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1536288"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.1.1.0.0",
"product": {
"name": "vers:unknown/14.1.1.0.0",
"product_id": "CSAFPID-1536278"
}
}
],
"category": "product_name",
"name": "Weblogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.5.7",
"product": {
"name": "vers:unknown/8.5.7",
"product_id": "CSAFPID-1233360"
}
}
],
"category": "product_name",
"name": "Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1210435"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.1.1.0.0",
"product": {
"name": "vers:unknown/14.1.1.0.0",
"product_id": "CSAFPID-1210304"
}
}
],
"category": "product_name",
"name": "Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1247956"
}
}
],
"category": "product_name",
"name": "Jdeveloper (Application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.3.0",
"product": {
"name": "vers:unknown/12.2.1.3.0",
"product_id": "CSAFPID-1214253"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1232894"
}
}
],
"category": "product_name",
"name": "WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1201529"
}
}
],
"category": "product_name",
"name": "Data Integrator"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1144680",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-1144604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-39413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.1.1.0.0",
"product": {
"name": "vers:unknown/14.1.1.0.0",
"product_id": "CSAFPID-39412",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.3.0",
"product": {
"name": "vers:oracle/12.2.1.3.0",
"product_id": "CSAFPID-1144910"
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1144911",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.3.0",
"product": {
"name": "vers:unknown/12.2.1.3.0",
"product_id": "CSAFPID-317201",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-307786",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "WebCenter Portal"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13936",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2020-25649",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-25649",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-25649.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26464",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26464.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2023-26464"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11612",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11612",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11612.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-11612"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-28168",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28168",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29857",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-38476",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38476",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-38476"
},
{
"cve": "CVE-2024-40896",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-40896",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-40896"
},
{
"cve": "CVE-2024-47072",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52046",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52046",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52046.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23184.json"
}
],
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-27363",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27363",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27363.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2025-27363"
}
]
}
RHSA-2023:3663
Vulnerability from csaf_redhat - Published: 2023-06-19 10:15 - Updated: 2026-05-16 23:26Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Moderate
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Low
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Important
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
7.0 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.
4.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Low
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Low
A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.
6.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
References
103 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:3663 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087214 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2116952 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135244 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135247 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135770 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135771 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170431 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177626 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177629 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177632 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177634 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2180528 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2182788 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2182864 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2188542 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2207830 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2207835 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2022-2048 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2116952 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-2048 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-2048 | external |
| https://github.com/eclipse/jetty.project/security… | external |
| https://access.redhat.com/security/cve/CVE-2022-22976 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087214 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-22976 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-22976 | external |
| https://tanzu.vmware.com/security/cve-2022-22976 | external |
| https://access.redhat.com/security/cve/CVE-2022-40149 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135771 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-40149 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-40149 | external |
| https://github.com/jettison-json/jettison/release… | external |
| https://access.redhat.com/security/cve/CVE-2022-40150 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135770 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-40150 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-40150 | external |
| https://access.redhat.com/security/cve/CVE-2022-41966 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170431 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-41966 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-41966 | external |
| https://github.com/x-stream/xstream/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2022-42003 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135244 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42003 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | external |
| https://access.redhat.com/security/cve/CVE-2022-42004 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2135247 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-42004 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | external |
| https://access.redhat.com/security/cve/CVE-2023-1370 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2188542 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-1370 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-1370 | external |
| https://github.com/advisories/GHSA-493p-pfq6-5258 | external |
| https://research.jfrog.com/vulnerabilities/stack-… | external |
| https://access.redhat.com/security/cve/CVE-2023-1436 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2182788 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-1436 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-1436 | external |
| https://research.jfrog.com/vulnerabilities/jettis… | external |
| https://access.redhat.com/security/cve/CVE-2023-20860 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2180528 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-20860 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-20860 | external |
| https://spring.io/blog/2023/03/20/spring-framewor… | external |
| https://access.redhat.com/security/cve/CVE-2023-26464 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2182864 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-26464 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-26464 | external |
| https://www.ibm.com/support/pages/security-bullet… | external |
| https://access.redhat.com/security/cve/CVE-2023-27898 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177629 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-27898 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-27898 | external |
| https://www.jenkins.io/security/advisory/2023-03-… | external |
| https://access.redhat.com/security/cve/CVE-2023-27899 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177626 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-27899 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-27899 | external |
| https://www.jenkins.io/security/advisory/2023-03-… | external |
| https://access.redhat.com/security/cve/CVE-2023-27903 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177632 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-27903 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-27903 | external |
| https://www.jenkins.io/security/advisory/2023-03-… | external |
| https://access.redhat.com/security/cve/CVE-2023-27904 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2177634 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-27904 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-27904 | external |
| https://www.jenkins.io/security/advisory/2023-03-… | external |
| https://access.redhat.com/security/cve/CVE-2023-32977 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2207830 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-32977 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-32977 | external |
| https://www.jenkins.io/security/advisory/2023-05-… | external |
| https://access.redhat.com/security/cve/CVE-2023-32981 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2207835 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-32981 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-32981 | external |
| https://www.jenkins.io/security/advisory/2023-05-… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3663",
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2087214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2177626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626"
},
{
"category": "external",
"summary": "2177629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"
},
{
"category": "external",
"summary": "2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2207830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"
},
{
"category": "external",
"summary": "2207835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2026-05-16T23:26:22+00:00",
"generator": {
"date": "2026-05-16T23:26:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:3663",
"initial_release_date": "2023-06-19T10:15:57+00:00",
"revision_history": [
{
"date": "2023-06-19T10:15:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-19T10:15:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-16T23:26:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product_id": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product_id": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch"
},
"product_reference": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
},
"product_reference": "jenkins-0:2.401.1.1686831596-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-22976",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087214"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: BCrypt skips salt rounds for work factor of 31",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22976"
},
{
"category": "external",
"summary": "RHBZ#2087214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976"
},
{
"category": "external",
"summary": "https://tanzu.vmware.com/security/cve-2022-22976",
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: BCrypt skips salt rounds for work factor of 31"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j1-socketappender: DoS via hashmap logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26464"
},
{
"category": "external",
"summary": "RHBZ#2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
"url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j1-socketappender: DoS via hashmap logging"
},
{
"cve": "CVE-2023-27898",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: XSS vulnerability in plugin manager",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27898"
},
{
"category": "external",
"summary": "RHBZ#2177629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: XSS vulnerability in plugin manager"
},
{
"cve": "CVE-2023-27899",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary plugin file created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27899"
},
{
"category": "external",
"summary": "RHBZ#2177626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: Temporary plugin file created with insecure permissions"
},
{
"cve": "CVE-2023-27903",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177632"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary file parameter created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27903"
},
{
"category": "external",
"summary": "RHBZ#2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Temporary file parameter created with insecure permissions"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
},
{
"cve": "CVE-2023-32977",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2207830"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32977"
},
{
"category": "external",
"summary": "RHBZ#2207830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32977"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042",
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"
}
],
"release_date": "2023-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin"
},
{
"cve": "CVE-2023-32981",
"discovery_date": "2023-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2207835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32981"
},
{
"category": "external",
"summary": "RHBZ#2207835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196",
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196"
}
],
"release_date": "2023-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…