Vulnerability-Lookup

CVE-2024-0853 (GCVE-0-2024-0853)

Vulnerability from cvelistv5 – Published: 2024-02-03 13:35 – Updated: 2025-06-20 20:04

Title

OCSP verification bypass with TLS session reuse

Summary

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-299 Improper Check for Certificate Revocation

Assigner

curl

References

6 references

URL	Tags
https://curl.se/docs/CVE-2024-0853.json
https://curl.se/docs/CVE-2024-0853.html
https://hackerone.com/reports/2298922
https://security.netapp.com/advisory/ntap-2024030…
https://security.netapp.com/advisory/ntap-2024042…
https://security.netapp.com/advisory/ntap-2024050…

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.5.0 , ≤ 8.5.0 (semver)

Credits

Hiroki Kurosawa Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:19.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "json",
            "tags": [
              "x_transferred"
            ],
            "url": "https://curl.se/docs/CVE-2024-0853.json"
          },
          {
            "name": "www",
            "tags": [
              "x_transferred"
            ],
            "url": "https://curl.se/docs/CVE-2024-0853.html"
          },
          {
            "name": "issue",
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2298922"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240307-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240503-0012/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-0853",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-13T19:54:33.332536Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T20:04:09.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hiroki Kurosawa"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to\nthe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-299 Improper Check for Certificate Revocation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T13:06:05.485Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2024-0853.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2024-0853.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/2298922"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240307-0004/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0009/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240503-0012/"
        }
      ],
      "title": "OCSP verification bypass with TLS session reuse"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2024-0853",
    "datePublished": "2024-02-03T13:35:25.863Z",
    "dateReserved": "2024-01-24T08:42:02.618Z",
    "dateUpdated": "2025-06-20T20:04:09.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-0853",
      "date": "2026-05-27",
      "epss": "0.00187",
      "percentile": "0.40159"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0853\",\"sourceIdentifier\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"published\":\"2024-02-03T14:15:50.850\",\"lastModified\":\"2025-06-20T20:15:27.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to\\nthe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.\"},{\"lang\":\"es\",\"value\":\"curl inadvertidamente mantuvo el ID de sesi\u00f3n SSL para las conexiones en su cach\u00e9 incluso cuando fall\u00f3 la prueba de verificaci\u00f3n del estado (*OCSP stapling*). Una transferencia posterior al mismo nombre de host podr\u00eda tener \u00e9xito si la cach\u00e9 de ID de sesi\u00f3n a\u00fan estuviera actualizada, lo que luego omitir\u00eda la verificaci\u00f3n de estado de verificaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F10DBE-EB62-4DCA-A46B-651A39A3502B\"}]}]}],\"references\":[{\"url\":\"https://curl.se/docs/CVE-2024-0853.html\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-0853.json\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2298922\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240307-0004/\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0009/\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240503-0012/\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\"},{\"url\":\"https://curl.se/docs/CVE-2024-0853.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-0853.json\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2298922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240307-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240503-0012/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://curl.se/docs/CVE-2024-0853.json\", \"name\": \"json\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://curl.se/docs/CVE-2024-0853.html\", \"name\": \"www\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://hackerone.com/reports/2298922\", \"name\": \"issue\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0009/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240503-0012/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:18:19.012Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0853\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-13T19:54:33.332536Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-20T20:04:04.912Z\"}}], \"cna\": {\"title\": \"OCSP verification bypass with TLS session reuse\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Hiroki Kurosawa\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Daniel Stenberg\"}], \"affected\": [{\"vendor\": \"curl\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://curl.se/docs/CVE-2024-0853.json\", \"name\": \"json\"}, {\"url\": \"https://curl.se/docs/CVE-2024-0853.html\", \"name\": \"www\"}, {\"url\": \"https://hackerone.com/reports/2298922\", \"name\": \"issue\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0004/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0009/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240503-0012/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to\\nthe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-299 Improper Check for Certificate Revocation\"}]}], \"providerMetadata\": {\"orgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"shortName\": \"curl\", \"dateUpdated\": \"2024-05-03T13:06:05.485Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0853\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-20T20:04:09.066Z\", \"dateReserved\": \"2024-01-24T08:42:02.618Z\", \"assignerOrgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"datePublished\": \"2024-02-03T13:35:25.863Z\", \"assignerShortName\": \"curl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-1191

Vulnerability from csaf_certbund - Published: 2024-05-20 22:00 - Updated: 2024-05-20 22:00

Summary

HCL BigFix: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2024-0853

Es existiert eine Schwachstelle in HCL BigFix in der cURL Komponente aufgrund einer unzureichenden Behandlung der Session ID. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

CVE-2024-23554

Es existiert eine Cross-Site-Request Schwachstelle in HCL BigFix. Ein entfernter, authentisierter Angreifer kann dies ausnutzen, um beliebigen Programmcode auszuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

CVE-2024-23556

Es existiert eine Schwachstelle in HCL BigFix. Diese ist auf einen Fehler bei der SSL/TLS Renegotiation zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.

CVE-2024-23583

Es existiert eine Schwachstelle in HCL BigFix. Es ist möglich, Anmeldedaten aus dem Task Manager zu extrahieren, um dadurch Zugriff auf die Client Deploy Tools zu erhalten. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.hcltechsw.com/csm?id=kb_article&s…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1191 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1191.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1191 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1191"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin KB0113140 vom 2024-05-20",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0113140"
      }
    ],
    "source_lang": "en-US",
    "title": "HCL BigFix: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:09:18.521+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1191",
      "initial_release_date": "2024-05-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.11",
                "product": {
                  "name": "HCL BigFix \u003c10.0.11",
                  "product_id": "T026044"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.1",
                "product": {
                  "name": "HCL BigFix \u003c11.0.1",
                  "product_id": "T032489"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.5.24",
                "product": {
                  "name": "HCL BigFix \u003c9.5.24",
                  "product_id": "T032491"
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0853",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in HCL BigFix in der cURL Komponente aufgrund einer unzureichenden Behandlung der Session ID. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2024-0853"
    },
    {
      "cve": "CVE-2024-23554",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Cross-Site-Request Schwachstelle in HCL BigFix. Ein entfernter, authentisierter Angreifer kann dies ausnutzen, um beliebigen Programmcode auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2024-23554"
    },
    {
      "cve": "CVE-2024-23556",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in HCL BigFix. Diese ist auf einen Fehler bei der SSL/TLS Renegotiation zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2024-23556"
    },
    {
      "cve": "CVE-2024-23583",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in HCL BigFix. Es ist m\u00f6glich, Anmeldedaten aus dem Task Manager zu extrahieren, um dadurch Zugriff auf die Client Deploy Tools zu erhalten. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "release_date": "2024-05-20T22:00:00.000+00:00",
      "title": "CVE-2024-23583"
    }
  ]
}

WID-SEC-W-2024-1637

Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2025-03-05 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2020-13956

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2020-1945

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2021-29425

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2021-37533

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-40152

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2022-45378

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-24998

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-29081

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-2976

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-34034

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-36478

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-45853

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-46750

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-4759

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-48795

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-5072

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-52425

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-6129

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-0853

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21133

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21175

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21181

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21182

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-21183

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-22201

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-22243

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-22259

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-22262

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-25062

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-26308

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-29025

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-29857

Affected products

Known affected 7 products

Product	Identifier	Version
IBM FileNet Content Manager 5.5.8 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.8`	5.5.8
IBM FileNet Content Manager 5.6.0 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.6.0`	5.6.0
IBM FileNet Content Manager 5.5.12 IBM / FileNet Content Manager	`cpe:/a:ibm:filenet_content_manager:5.5.12`	5.5.12
Oracle Fusion Middleware 12.2.1.19.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.19.0`	12.2.1.19.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujul2024…	external
https://github.com/k4it0k1d/CVE-2024-21182	external
https://www.ibm.com/support/pages/node/7184867	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1637 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1637.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1637 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1637"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Fusion Middleware vom 2024-07-16",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2024-21182 vom 2024-12-30",
        "url": "https://github.com/k4it0k1d/CVE-2024-21182"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184867 vom 2025-03-05",
        "url": "https://www.ibm.com/support/pages/node/7184867"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-03-05T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-06T09:18:07.394+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1637",
      "initial_release_date": "2024-07-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "PoC f\u00fcr CVE-2024-21182 erg\u00e4nzt"
        },
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.5.8",
                "product": {
                  "name": "IBM FileNet Content Manager 5.5.8",
                  "product_id": "1487483",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:filenet_content_manager:5.5.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.5.12",
                "product": {
                  "name": "IBM FileNet Content Manager 5.5.12",
                  "product_id": "T039291",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:filenet_content_manager:5.5.12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.6.0",
                "product": {
                  "name": "IBM FileNet Content Manager 5.6.0",
                  "product_id": "T039292",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:filenet_content_manager:5.6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FileNet Content Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.7",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.7",
                  "product_id": "T034057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.2.1.19.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.19.0",
                  "product_id": "T036225",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.19.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13956",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-1945",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2020-1945"
    },
    {
      "cve": "CVE-2021-29425",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-37533",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2022-40152",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-45378",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2022-45378"
    },
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-29081",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-29081"
    },
    {
      "cve": "CVE-2023-2976",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-34034",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-36478",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-36478"
    },
    {
      "cve": "CVE-2023-45853",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2023-46750",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-46750"
    },
    {
      "cve": "CVE-2023-4759",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-4759"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-5072",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-52425",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2023-6129",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2024-0853",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-0853"
    },
    {
      "cve": "CVE-2024-21133",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21133"
    },
    {
      "cve": "CVE-2024-21175",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21175"
    },
    {
      "cve": "CVE-2024-21181",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21181"
    },
    {
      "cve": "CVE-2024-21182",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21182"
    },
    {
      "cve": "CVE-2024-21183",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21183"
    },
    {
      "cve": "CVE-2024-22201",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-22243",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22243"
    },
    {
      "cve": "CVE-2024-22259",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22259"
    },
    {
      "cve": "CVE-2024-22262",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26308",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-29025",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29857",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-29857"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-0853 (GCVE-0-2024-0853)

WID-SEC-W-2024-1191

WID-SEC-W-2024-1637

Tags

Sightings

Nomenclature