Vulnerability-Lookup

CVE-2024-28182 (GCVE-0-2024-28182)

Vulnerability from cvelistv5 – Published: 2024-04-04 14:41 – Updated: 2025-11-04 18:30

Title

Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage

Summary

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

10 references

URL	Tags
https://github.com/nghttp2/nghttp2/security/advis…	x_refsource_CONFIRM
https://github.com/nghttp2/nghttp2/commit/00201ec…	x_refsource_MISC
https://github.com/nghttp2/nghttp2/commit/d71a466…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.debian.org/debian-lts-announce/2024…
http://www.openwall.com/lists/oss-security/2024/0…
https://lists.debian.org/debian-lts-announce/2024…
https://www.kb.cert.org/vuls/id/421644

Impacted products

2 products

Vendor	Product	Version
nghttp2	nghttp2	Affected: < 1.61.0
nghttp2	nghttp2	Affected: 0 , < 1.61.0 (custom) cpe:2.3:a:nghttp2:nghttp2::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nghttp2",
            "vendor": "nghttp2",
            "versions": [
              {
                "lessThan": "1.61.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28182",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-04T17:15:08.320689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T15:54:31.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:30:26.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
          },
          {
            "name": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0"
          },
          {
            "name": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/421644"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nghttp2",
          "vendor": "nghttp2",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.61.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.  This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:12:22.033Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "name": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0"
        },
        {
          "name": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
        }
      ],
      "source": {
        "advisory": "GHSA-x6x3-gv8h-m57q",
        "discovery": "UNKNOWN"
      },
      "title": "Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-28182",
    "datePublished": "2024-04-04T14:41:36.587Z",
    "dateReserved": "2024-03-06T17:35:00.857Z",
    "dateUpdated": "2025-11-04T18:30:26.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-28182",
      "date": "2026-06-05",
      "epss": "0.24971",
      "percentile": "0.96275"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-28182\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-04T15:15:38.427\",\"lastModified\":\"2025-11-04T19:17:05.097\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.  This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"nghttp2 es una implementaci\u00f3n del protocolo de transferencia de hipertexto versi\u00f3n 2 en C. La librer\u00eda nghttp2 anterior a la versi\u00f3n 1.61.0 sigue leyendo el n\u00famero ilimitado de tramas de CONTINUACI\u00d3N HTTP/2 incluso despu\u00e9s de que se restablece una secuencia para mantener sincronizado el contexto HPACK. Esto provoca un uso excesivo de la CPU para decodificar el flujo HPACK. nghttp2 v1.61.0 mitiga esta vulnerabilidad al limitar la cantidad de cuadros de CONTINUACI\u00d3N que acepta por transmisi\u00f3n. No existe workaround para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.61.0\",\"matchCriteriaId\":\"3F0C0A83-CFDE-48EC-BAD2-ABDC0053C684\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/421644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q\", \"name\": \"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0\", \"name\": \"https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9\", \"name\": \"https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-27T16:02:59.311Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28182\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-04T17:15:08.320689Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\"], \"vendor\": \"nghttp2\", \"product\": \"nghttp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.61.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-15T15:54:25.754Z\"}}], \"cna\": {\"title\": \"Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage\", \"source\": {\"advisory\": \"GHSA-x6x3-gv8h-m57q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"nghttp2\", \"product\": \"nghttp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.61.0\"}]}], \"references\": [{\"url\": \"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q\", \"name\": \"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0\", \"name\": \"https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9\", \"name\": \"https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.  This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-01T18:12:22.033Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-28182\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:47:27.639Z\", \"dateReserved\": \"2024-03-06T17:35:00.857Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-04T14:41:36.587Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

NCSC-2024-0411

Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:15 - Updated: 2024-10-17 13:15

Summary

Kwetsbaarheden verholpen in Oracle Database producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-208: Observable Timing Discrepancy

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-755: Improper Handling of Exceptional Conditions

CWE-834: Excessive Iteration

CWE-407: Inefficient Algorithmic Complexity

CWE-178: Improper Handling of Case Sensitivity

CWE-732: Incorrect Permission Assignment for Critical Resource

CWE-415: Double Free

CWE-311: Missing Encryption of Sensitive Data

CWE-427: Uncontrolled Search Path Element

CWE-172: Encoding Error

CWE-680: Integer Overflow to Buffer Overflow

CWE-426: Untrusted Search Path

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-116: Improper Encoding or Escaping of Output

CWE-345: Insufficient Verification of Data Authenticity

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-203: Observable Discrepancy

CWE-190: Integer Overflow or Wraparound

CWE-552: Files or Directories Accessible to External Parties

CWE-639: Authorization Bypass Through User-Controlled Key

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-275: CWE-275

CWE-284: Improper Access Control

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333: Inefficient Regular Expression Complexity

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-416: Use After Free

CWE-401: Missing Release of Memory after Effective Lifetime

CWE-476: NULL Pointer Dereference

CWE-295: Improper Certificate Validation

CWE-668: Exposure of Resource to Wrong Sphere

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-502: Deserialization of Untrusted Data

CWE-918: Server-Side Request Forgery (SSRF)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-121: Stack-based Buffer Overflow

CWE-681: Incorrect Conversion between Numeric Types

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-269: Improper Privilege Management

CWE-20: Improper Input Validation

CWE-87: Improper Neutralization of Alternate XSS Syntax

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-18: CWE-18

CWE-385: Covert Timing Channel

CWE-606: Unchecked Input for Loop Condition

CWE-192: Integer Coercion Error

CWE-390: Detection of Error Condition Without Action

CWE-1325: Improperly Controlled Sequential Memory Allocation

CWE-222: Truncation of Security-relevant Information

CWE-131: Incorrect Calculation of Buffer Size

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CWE-304: Missing Critical Step in Authentication

CVE-2022-1471

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 48 products

Product	Identifier	Version
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer::::::::`	—
oracle_goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:oracle_goldengate_stream_analytics::::::::`	—
oracle_sql_developer oracle	`cpe:2.3:a:oracle:oracle_sql_developer::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—

CVE-2022-34169

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-192 - Integer Coercion Error

Affected products

Known affected 49 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate::::::::`	—
application_express oracle	`cpe:2.3:a:oracle:application_express::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.3:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate:19c:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:19c:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:21c:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2022-36033

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-87 - Improper Neutralization of Alternate XSS Syntax

Affected products

Known affected 61 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer::::::::`	—
application_express oracle	`cpe:2.3:a:oracle:application_express::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.3:::::::*`	—
oracle_goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:oracle_goldengate_stream_analytics::::::::`	—
oracle_goldengate_studio oracle	`cpe:2.3:a:oracle:oracle_goldengate_studio::::::::`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate:19c:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2022-37454

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 25 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer::::::::`	—
oracle_secure_backup oracle	`cpe:2.3:a:oracle:oracle_secure_backup::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate::::::::`	—

CVE-2022-38136

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2022-40196

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2022-41342

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2022-42919

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 23 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2022-45061

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 23 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2022-46337

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 38 products

Product	Identifier	Version
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—

CVE-2023-2976

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Known affected 48 products

Product	Identifier	Version
oracle_nosql_database oracle	`cpe:2.3:a:oracle:oracle_nosql_database::::::::`	—
oracle_goldengate_studio oracle	`cpe:2.3:a:oracle:oracle_goldengate_studio::::::::`	—
oracle_essbase oracle	`cpe:2.3:a:oracle:oracle_essbase::::::::`	—
oracle_goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:oracle_goldengate_stream_analytics::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:24.3.0:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2023-4043

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-834 - Excessive Iteration

Affected products

Known affected 39 products

Product	Identifier	Version
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl:23.4-23.5:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:24.3.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2023-4759

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Known affected 15 products

Product	Identifier	Version
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:24.3.0:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2023-4863

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 14 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—

CVE-2023-5072

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 41 products

Product	Identifier	Version
oracle_goldengate oracle	`cpe:2.3:a:oracle:oracle_goldengate::::::::`	—
oracle_goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:oracle_goldengate_stream_analytics::::::::`	—
oracle_goldengate_studio oracle	`cpe:2.3:a:oracle:oracle_goldengate_studio::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2023-26031

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-426 - Untrusted Search Path

Affected products

Known affected 15 products

Product	Identifier	Version
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2023-26551

0.0 (None)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-26552

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-26553

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-26554

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-26555

6.4 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-28484

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 35 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—

CVE-2023-29469

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 35 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
application_express_administration oracle	`cpe:2.3:a:oracle:application_express_administration::::::::`	—
application_express_customers_plugin oracle	`cpe:2.3:a:oracle:application_express_customers_plugin::::::::`	—
application_express_team_calendar_plugin oracle	`cpe:2.3:a:oracle:application_express_team_calendar_plugin::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.4.3.0.0:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:19.5.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.28:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.55:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.26:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 44 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.0.0.0:::::::*`	—
oracle_nosql_database oracle	`cpe:2.3:a:oracle:oracle_nosql_database::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:24.3.0:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
goldengate_big_data oracle	`cpe:2.3:a:oracle:goldengate_big_data::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2023-37920

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 - Improper Certificate Validation

Affected products

Known affected 15 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—

CVE-2023-39410

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 21 products

Product	Identifier	Version
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 43 products

Product	Identifier	Version
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2023-44981

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Known affected 30 products

Product	Identifier	Version
oracle_goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:oracle_goldengate_stream_analytics::::::::`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—

CVE-2023-45288

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-48795

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-222 - Truncation of Security-relevant Information

Affected products

Known affected 45 products

Product	Identifier	Version
goldengate oracle	`cpe:2.3:a:oracle:goldengate:21.3-21.14:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:::::::*`	—
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:21.4.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup::::::::`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.3.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:23.10:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.3:::::::*`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:22.2.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—

CVE-2023-49083

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 26 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2023-51384

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-304 - Missing Critical Step in Authentication

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-51385

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2023-52425

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 15 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2023-52426

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Affected products

Known affected 15 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-1874

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-2408

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-203 - Observable Discrepancy

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-2511

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 17 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-4577

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-4603

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Known affected 17 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-4741

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Affected products

Known affected 17 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-5458

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-5535

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:23.4-23.5:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:::::::*`	—

CVE-2024-5585

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-116 - Improper Encoding or Escaping of Output

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-6119

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:23.4-23.5:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:::::::*`	—

CVE-2024-6232

CWE-1333 - Inefficient Regular Expression Complexity

CVE-2024-7264

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 4 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:::::::*`	—

CVE-2024-7592

CWE-400 - Uncontrolled Resource Consumption

CVE-2024-21131

Affected products

Known affected 14 products

Product	Identifier	Version
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-21138

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 14 products

Product	Identifier	Version
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-21140

Affected products

Known affected 14 products

Product	Identifier	Version
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-21144

CWE-20 - Improper Input Validation

Affected products

Known affected 14 products

Product	Identifier	Version
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-21145

CWE-787 - Out-of-bounds Write

Affected products

Known affected 14 products

Product	Identifier	Version
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-21147

Affected products

Known affected 14 products

Product	Identifier	Version
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-21233

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:23.4-23.5:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2024-21242

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_xml_database oracle	`cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:::::::*`	—
database_-_xml_database oracle	`cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:::::::*`	—
database_-_xml_database oracle	`cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:::::::*`	—

CVE-2024-21251

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_java_vm oracle	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:::::::*`	—
database_-_java_vm oracle	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:::::::*`	—
database_-_java_vm oracle	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:::::::*`	—

CVE-2024-21261

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Affected products

Known affected 3 products

Product	Identifier	Version
oracle_application_express oracle_corporation	`cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:24.1:::::::*`	—

CVE-2024-22018

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-22020

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-22201

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 26 products

Product	Identifier	Version
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-23807

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 17 products

Product	Identifier	Version
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-23944

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 15 products

Product	Identifier	Version
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-24989

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-24990

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-25710

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 28 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-26130

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 26 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-26308

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 28 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:23.1.0:::::::*`	—
autonomous_health_framework oracle	`cpe:2.3:a:oracle:autonomous_health_framework::::::::`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_veridata oracle	`cpe:2.3:a:oracle:goldengate_veridata::::::::`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics::::::::`	—
sqlcl oracle	`cpe:2.3:a:oracle:sqlcl::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:::::::*`	—
spatial_and_graph_mapviewer oracle	`cpe:2.3:a:oracle:spatial_and_graph_mapviewer::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.4.0.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-27983

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 14 products

Product	Identifier	Version
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-28182

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 15 products

Product	Identifier	Version
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:23.4-23.5:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-28849

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 15 products

Product	Identifier	Version
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-28887

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-427 - Uncontrolled Search Path Element

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:23.4-23.5:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2024-29025

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 20 products

Product	Identifier	Version
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:24.1.17:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:23.3.33:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:20.3.40:::::::*`	—
fleet_patching_and_provisioning_-_micronaut oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:22.3.45:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:21.2.71:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-29131

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 17 products

Product	Identifier	Version
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:24.3.0:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-29133

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 17 products

Product	Identifier	Version
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	—
sql_developer oracle	`cpe:2.3:a:oracle:sql_developer:24.3.0:::::::*`	—
goldengate_stream_analytics oracle	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
fleet_patching_and_provisioning oracle	`cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph::::::::`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.5.6:::::::*`	—
management_pack_for__goldengate oracle	`cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:::::::*`	—
goldengate oracle	`cpe:2.3:a:oracle:goldengate::::::::`	—
goldengate_big_data_and_application_adapters oracle	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters::::::::`	—
goldengate_studio oracle	`cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:::::::*`	—
graalvm_for_jdk oracle	`cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.4:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database:1.5:::::::*`	—
nosql_database oracle	`cpe:2.3:a:oracle:nosql_database::::::::`	—

CVE-2024-31079

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-32760

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-34161

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-34750

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 - Improper Handling of Exceptional Conditions

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
database_-_grid oracle	`cpe:2.3:a:oracle:database_-_grid:19.3-19.24:::::::*`	—
database_-_grid oracle	`cpe:2.3:a:oracle:database_-_grid:21.3-21.15:::::::*`	—

CVE-2024-35200

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-36137

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

CWE-275 - -

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-36138

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-36387

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-37370

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:19.3-19.24:::::::*`	—
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:23.4-23.5:::::::*`	—
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:21.3-21.15:::::::*`	—

CVE-2024-37371

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:19.3-19.24:::::::*`	—
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:23.4-23.5:::::::*`	—
database_-_security oracle	`cpe:2.3:a:oracle:database_-_security:21.3-21.15:::::::*`	—

CVE-2024-37372

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
blockchain_platform oracle	`cpe:2.3:a:oracle:blockchain_platform:21.1.2:::::::*`	—

CVE-2024-38356

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 3 products

Product	Identifier	Version
application_express oracle	`cpe:2.3:a:oracle:application_express:23.1:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:24.1:::::::*`	—

CVE-2024-38357

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 3 products

Product	Identifier	Version
application_express oracle	`cpe:2.3:a:oracle:application_express:23.1:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:24.1:::::::*`	—

CVE-2024-38472

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-38473

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-172 - Encoding Error

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-38474

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-172 - Encoding Error

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-38475

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-38476

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-38477

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-38998

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 4 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:24.1:::::::*`	—

CVE-2024-38999

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 4 products

Product	Identifier	Version
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:::::::*`	—
spatial_and_graph oracle	`cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:24.1:::::::*`	—

CVE-2024-39573

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-39884

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-18 - -

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—

CVE-2024-40725

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—

CVE-2024-40898

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 3 products

Product	Identifier	Version
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:::::::*`	—
secure_backup oracle	`cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:::::::*`	—
essbase oracle	`cpe:2.3:a:oracle:essbase:21.6:::::::*`	—

CVE-2024-45490

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:23.4-23.5:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2024-45491

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:23.4-23.5:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2024-45492

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 3 products

Product	Identifier	Version
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:21.3-21.15:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:23.4-23.5:::::::*`	—
database_-_core oracle	`cpe:2.3:a:oracle:database_-_core:19.3-19.24:::::::*`	—

CVE-2024-45801

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
application_express oracle	`cpe:2.3:a:oracle:application_express:23.2:::::::*`	—
application_express oracle	`cpe:2.3:a:oracle:application_express:24.1:::::::*`	—

References

105 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Observable Timing Discrepancy",
        "title": "CWE-208"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
        "title": "CWE-776"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
        "title": "CWE-88"
      },
      {
        "category": "general",
        "text": "Improper Handling of Exceptional Conditions",
        "title": "CWE-755"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Inefficient Algorithmic Complexity",
        "title": "CWE-407"
      },
      {
        "category": "general",
        "text": "Improper Handling of Case Sensitivity",
        "title": "CWE-178"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Missing Encryption of Sensitive Data",
        "title": "CWE-311"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "Encoding Error",
        "title": "CWE-172"
      },
      {
        "category": "general",
        "text": "Integer Overflow to Buffer Overflow",
        "title": "CWE-680"
      },
      {
        "category": "general",
        "text": "Untrusted Search Path",
        "title": "CWE-426"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Improper Encoding or Escaping of Output",
        "title": "CWE-116"
      },
      {
        "category": "general",
        "text": "Insufficient Verification of Data Authenticity",
        "title": "CWE-345"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Files or Directories Accessible to External Parties",
        "title": "CWE-552"
      },
      {
        "category": "general",
        "text": "Authorization Bypass Through User-Controlled Key",
        "title": "CWE-639"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "CWE-275",
        "title": "CWE-275"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Missing Release of Memory after Effective Lifetime",
        "title": "CWE-401"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Exposure of Resource to Wrong Sphere",
        "title": "CWE-668"
      },
      {
        "category": "general",
        "text": "Inclusion of Functionality from Untrusted Control Sphere",
        "title": "CWE-829"
      },
      {
        "category": "general",
        "text": "Use of a Broken or Risky Cryptographic Algorithm",
        "title": "CWE-327"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Incorrect Conversion between Numeric Types",
        "title": "CWE-681"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Alternate XSS Syntax",
        "title": "CWE-87"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "CWE-18",
        "title": "CWE-18"
      },
      {
        "category": "general",
        "text": "Covert Timing Channel",
        "title": "CWE-385"
      },
      {
        "category": "general",
        "text": "Unchecked Input for Loop Condition",
        "title": "CWE-606"
      },
      {
        "category": "general",
        "text": "Integer Coercion Error",
        "title": "CWE-192"
      },
      {
        "category": "general",
        "text": "Detection of Error Condition Without Action",
        "title": "CWE-390"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Sequential Memory Allocation",
        "title": "CWE-1325"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "Incorrect Calculation of Buffer Size",
        "title": "CWE-131"
      },
      {
        "category": "general",
        "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
        "title": "CWE-59"
      },
      {
        "category": "general",
        "text": "Missing Critical Step in Authentication",
        "title": "CWE-304"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Database producten",
    "tracking": {
      "current_release_date": "2024-10-17T13:15:19.595269Z",
      "id": "NCSC-2024-0411",
      "initial_release_date": "2024-10-17T13:15:19.595269Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:15:19.595269Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "database_-_grid",
            "product": {
              "name": "database_-_grid",
              "product_id": "CSAFPID-1673504",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_grid",
            "product": {
              "name": "database_-_grid",
              "product_id": "CSAFPID-1673506",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_core",
            "product": {
              "name": "database_-_core",
              "product_id": "CSAFPID-1673386",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_core",
            "product": {
              "name": "database_-_core",
              "product_id": "CSAFPID-1673385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_core",
            "product": {
              "name": "database_-_core",
              "product_id": "CSAFPID-1673442",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_security",
            "product": {
              "name": "database_-_security",
              "product_id": "CSAFPID-1673507",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_security",
            "product": {
              "name": "database_-_security",
              "product_id": "CSAFPID-1673509",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_security",
            "product": {
              "name": "database_-_security",
              "product_id": "CSAFPID-1673508",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spatial_and_graph_mapviewer",
            "product": {
              "name": "spatial_and_graph_mapviewer",
              "product_id": "CSAFPID-912561",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spatial_and_graph",
            "product": {
              "name": "spatial_and_graph",
              "product_id": "CSAFPID-764250",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spatial_and_graph",
            "product": {
              "name": "spatial_and_graph",
              "product_id": "CSAFPID-1673511",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spatial_and_graph",
            "product": {
              "name": "spatial_and_graph",
              "product_id": "CSAFPID-1673512",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spatial_and_graph",
            "product": {
              "name": "spatial_and_graph",
              "product_id": "CSAFPID-816800",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "spatial_and_graph",
            "product": {
              "name": "spatial_and_graph",
              "product_id": "CSAFPID-1673529",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "fleet_patching_and_provisioning_-_micronaut",
            "product": {
              "name": "fleet_patching_and_provisioning_-_micronaut",
              "product_id": "CSAFPID-1673492",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "fleet_patching_and_provisioning",
            "product": {
              "name": "fleet_patching_and_provisioning",
              "product_id": "CSAFPID-1503603",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_xml_database",
            "product": {
              "name": "database_-_xml_database",
              "product_id": "CSAFPID-1673445",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_xml_database",
            "product": {
              "name": "database_-_xml_database",
              "product_id": "CSAFPID-1673443",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_xml_database",
            "product": {
              "name": "database_-_xml_database",
              "product_id": "CSAFPID-1673444",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_java_vm",
            "product": {
              "name": "database_-_java_vm",
              "product_id": "CSAFPID-1673451",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_java_vm",
            "product": {
              "name": "database_-_java_vm",
              "product_id": "CSAFPID-1673450",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_java_vm",
            "product": {
              "name": "database_-_java_vm",
              "product_id": "CSAFPID-1673452",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "autonomous_health_framework",
            "product": {
              "name": "autonomous_health_framework",
              "product_id": "CSAFPID-816798",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "autonomous_health_framework",
            "product": {
              "name": "autonomous_health_framework",
              "product_id": "CSAFPID-816799",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "autonomous_health_framework",
            "product": {
              "name": "autonomous_health_framework",
              "product_id": "CSAFPID-1673525",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912046",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1503299",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-816855",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-816361",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912045",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1503302",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912044",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1503306",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-816852",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-816853",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912601",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-816854",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sqlcl",
            "product": {
              "name": "sqlcl",
              "product_id": "CSAFPID-816801",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sqlcl",
            "product": {
              "name": "sqlcl",
              "product_id": "CSAFPID-1673405",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express_administration",
            "product": {
              "name": "application_express_administration",
              "product_id": "CSAFPID-764731",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express_customers_plugin",
            "product": {
              "name": "application_express_customers_plugin",
              "product_id": "CSAFPID-764732",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express_team_calendar_plugin",
            "product": {
              "name": "application_express_team_calendar_plugin",
              "product_id": "CSAFPID-764733",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express",
            "product": {
              "name": "application_express",
              "product_id": "CSAFPID-266119",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express",
            "product": {
              "name": "application_express",
              "product_id": "CSAFPID-1673510",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express",
            "product": {
              "name": "application_express",
              "product_id": "CSAFPID-1503575",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express",
            "product": {
              "name": "application_express",
              "product_id": "CSAFPID-1673188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "autonomous_health_framework",
            "product": {
              "name": "autonomous_health_framework",
              "product_id": "CSAFPID-765238",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "autonomous_health_framework",
            "product": {
              "name": "autonomous_health_framework",
              "product_id": "CSAFPID-765239",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "blockchain_platform",
            "product": {
              "name": "blockchain_platform",
              "product_id": "CSAFPID-764779",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "blockchain_platform",
            "product": {
              "name": "blockchain_platform",
              "product_id": "CSAFPID-89587",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-765259",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-187448",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-94075",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-220886",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-611394",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-816317",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-912567",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-1503612",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "essbase",
            "product": {
              "name": "essbase",
              "product_id": "CSAFPID-1673479",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_essbase",
            "product": {
              "name": "oracle_essbase",
              "product_id": "CSAFPID-1650506",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-816845",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-1650825",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-1673404",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-1650831",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data",
            "product": {
              "name": "goldengate_big_data",
              "product_id": "CSAFPID-764274",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_stream_analytics",
            "product": {
              "name": "goldengate_stream_analytics",
              "product_id": "CSAFPID-764752",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_stream_analytics",
            "product": {
              "name": "goldengate_stream_analytics",
              "product_id": "CSAFPID-1673384",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_stream_analytics",
            "product": {
              "name": "goldengate_stream_analytics",
              "product_id": "CSAFPID-220192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_stream_analytics",
            "product": {
              "name": "goldengate_stream_analytics",
              "product_id": "CSAFPID-220193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.7:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_studio",
            "product": {
              "name": "goldengate_studio",
              "product_id": "CSAFPID-816846",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_studio",
            "product": {
              "name": "goldengate_studio",
              "product_id": "CSAFPID-611390",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_studio",
            "product": {
              "name": "goldengate_studio",
              "product_id": "CSAFPID-764803",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_veridata",
            "product": {
              "name": "goldengate_veridata",
              "product_id": "CSAFPID-764275",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-342816",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1650767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-485902",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1503736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-219912",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1503739",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1650765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1503738",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_goldengate_stream_analytics",
            "product": {
              "name": "oracle_goldengate_stream_analytics",
              "product_id": "CSAFPID-1650515",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "management_pack_for__goldengate",
            "product": {
              "name": "management_pack_for__goldengate",
              "product_id": "CSAFPID-764861",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "management_pack_for__goldengate",
            "product": {
              "name": "management_pack_for__goldengate",
              "product_id": "CSAFPID-1503640",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_goldengate_studio",
            "product": {
              "name": "oracle_goldengate_studio",
              "product_id": "CSAFPID-1650835",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_goldengate",
            "product": {
              "name": "oracle_goldengate",
              "product_id": "CSAFPID-1650575",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-764813",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1503661",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1503663",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1673497",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-764764",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-764765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1673491",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-764766",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1673495",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-764767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1673493",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1673489",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1673488",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1650757",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1650758",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1650761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1650760",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "nosql_database",
            "product": {
              "name": "nosql_database",
              "product_id": "CSAFPID-1650759",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_nosql_database",
            "product": {
              "name": "oracle_nosql_database",
              "product_id": "CSAFPID-1650584",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_secure_backup",
            "product": {
              "name": "oracle_secure_backup",
              "product_id": "CSAFPID-1650563",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-667692",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-345049",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-611417",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-1673422",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_sql_developer",
            "product": {
              "name": "oracle_sql_developer",
              "product_id": "CSAFPID-1650638",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sql_developer",
            "product": {
              "name": "sql_developer",
              "product_id": "CSAFPID-764822",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sql_developer",
            "product": {
              "name": "sql_developer",
              "product_id": "CSAFPID-220643",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sql_developer",
            "product": {
              "name": "sql_developer",
              "product_id": "CSAFPID-816870",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sql_developer",
            "product": {
              "name": "sql_developer",
              "product_id": "CSAFPID-816871",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "sql_developer",
            "product": {
              "name": "sql_developer",
              "product_id": "CSAFPID-1673397",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "oracle_application_express",
            "product": {
              "name": "oracle_application_express",
              "product_id": "CSAFPID-1673144",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle_corporation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1471",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-764250",
          "CSAFPID-611394",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-611390",
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-764779",
          "CSAFPID-94075",
          "CSAFPID-220886",
          "CSAFPID-764803",
          "CSAFPID-764813",
          "CSAFPID-342816",
          "CSAFPID-764752",
          "CSAFPID-764822",
          "CSAFPID-1650515",
          "CSAFPID-1650638",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816317",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-89587",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816361",
          "CSAFPID-220643",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-667692",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-912046",
          "CSAFPID-912045",
          "CSAFPID-912044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-1471",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json"
        }
      ],
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-34169",
      "cwe": {
        "id": "CWE-192",
        "name": "Integer Coercion Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Coercion Error",
          "title": "CWE-192"
        },
        {
          "category": "other",
          "text": "Incorrect Conversion between Numeric Types",
          "title": "CWE-681"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764779",
          "CSAFPID-94075",
          "CSAFPID-342816",
          "CSAFPID-764803",
          "CSAFPID-764813",
          "CSAFPID-764822",
          "CSAFPID-764752",
          "CSAFPID-764275",
          "CSAFPID-764861",
          "CSAFPID-266119",
          "CSAFPID-187448",
          "CSAFPID-219912",
          "CSAFPID-765238",
          "CSAFPID-765239",
          "CSAFPID-765259",
          "CSAFPID-667692",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-764250",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816317",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816361",
          "CSAFPID-220643",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-1673384",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-912046",
          "CSAFPID-912045",
          "CSAFPID-912044",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-34169",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764779",
            "CSAFPID-94075",
            "CSAFPID-342816",
            "CSAFPID-764803",
            "CSAFPID-764813",
            "CSAFPID-764822",
            "CSAFPID-764752",
            "CSAFPID-764275",
            "CSAFPID-764861",
            "CSAFPID-266119",
            "CSAFPID-187448",
            "CSAFPID-219912",
            "CSAFPID-765238",
            "CSAFPID-765239",
            "CSAFPID-765259",
            "CSAFPID-667692",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-764250",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816317",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816361",
            "CSAFPID-220643",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-1673384",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-912046",
            "CSAFPID-912045",
            "CSAFPID-912044",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-36033",
      "cwe": {
        "id": "CWE-87",
        "name": "Improper Neutralization of Alternate XSS Syntax"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Alternate XSS Syntax",
          "title": "CWE-87"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764250",
          "CSAFPID-611394",
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-611390",
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-764779",
          "CSAFPID-220886",
          "CSAFPID-94075",
          "CSAFPID-764803",
          "CSAFPID-342816",
          "CSAFPID-764752",
          "CSAFPID-764861",
          "CSAFPID-764813",
          "CSAFPID-764822",
          "CSAFPID-266119",
          "CSAFPID-187448",
          "CSAFPID-1650515",
          "CSAFPID-1650835",
          "CSAFPID-219912",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816317",
          "CSAFPID-667692",
          "CSAFPID-1673384",
          "CSAFPID-912561",
          "CSAFPID-1503575",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816361",
          "CSAFPID-220643",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-912567",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-912046",
          "CSAFPID-912045",
          "CSAFPID-912044",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-36033",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764250",
            "CSAFPID-611394",
            "CSAFPID-764731",
            "CSAFPID-764732",
            "CSAFPID-764733",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-611390",
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-764764",
            "CSAFPID-764765",
            "CSAFPID-764766",
            "CSAFPID-764767",
            "CSAFPID-764779",
            "CSAFPID-220886",
            "CSAFPID-94075",
            "CSAFPID-764803",
            "CSAFPID-342816",
            "CSAFPID-764752",
            "CSAFPID-764861",
            "CSAFPID-764813",
            "CSAFPID-764822",
            "CSAFPID-266119",
            "CSAFPID-187448",
            "CSAFPID-1650515",
            "CSAFPID-1650835",
            "CSAFPID-219912",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816317",
            "CSAFPID-667692",
            "CSAFPID-1673384",
            "CSAFPID-912561",
            "CSAFPID-1503575",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816361",
            "CSAFPID-220643",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-912567",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-912046",
            "CSAFPID-912045",
            "CSAFPID-912044",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-37454",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "other",
          "text": "Integer Overflow to Buffer Overflow",
          "title": "CWE-680"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764250",
          "CSAFPID-611394",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-611390",
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-220886",
          "CSAFPID-342816",
          "CSAFPID-764752",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-764779",
          "CSAFPID-94075",
          "CSAFPID-764803",
          "CSAFPID-764813",
          "CSAFPID-764822",
          "CSAFPID-1650563",
          "CSAFPID-89587",
          "CSAFPID-764861"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-37454",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37454.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764250",
            "CSAFPID-611394",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-611390",
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-764731",
            "CSAFPID-764732",
            "CSAFPID-764733",
            "CSAFPID-220886",
            "CSAFPID-342816",
            "CSAFPID-764752",
            "CSAFPID-764764",
            "CSAFPID-764765",
            "CSAFPID-764766",
            "CSAFPID-764767",
            "CSAFPID-764779",
            "CSAFPID-94075",
            "CSAFPID-764803",
            "CSAFPID-764813",
            "CSAFPID-764822",
            "CSAFPID-1650563",
            "CSAFPID-89587",
            "CSAFPID-764861"
          ]
        }
      ],
      "title": "CVE-2022-37454"
    },
    {
      "cve": "CVE-2022-38136",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-38136",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38136.json"
        }
      ],
      "title": "CVE-2022-38136"
    },
    {
      "cve": "CVE-2022-40196",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-40196",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40196.json"
        }
      ],
      "title": "CVE-2022-40196"
    },
    {
      "cve": "CVE-2022-41342",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-41342",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41342.json"
        }
      ],
      "title": "CVE-2022-41342"
    },
    {
      "cve": "CVE-2022-42919",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        },
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764250",
          "CSAFPID-611394",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-611390",
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-220886",
          "CSAFPID-342816",
          "CSAFPID-764752",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-764779",
          "CSAFPID-94075",
          "CSAFPID-764803",
          "CSAFPID-764813",
          "CSAFPID-764822",
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-42919",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42919.json"
        }
      ],
      "title": "CVE-2022-42919"
    },
    {
      "cve": "CVE-2022-45061",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Inefficient Algorithmic Complexity",
          "title": "CWE-407"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-220886",
          "CSAFPID-764250",
          "CSAFPID-611394",
          "CSAFPID-342816",
          "CSAFPID-764752",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-764779",
          "CSAFPID-94075",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-611390",
          "CSAFPID-764803",
          "CSAFPID-764813",
          "CSAFPID-764822",
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-45061",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45061.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-764731",
            "CSAFPID-764732",
            "CSAFPID-764733",
            "CSAFPID-220886",
            "CSAFPID-764250",
            "CSAFPID-611394",
            "CSAFPID-342816",
            "CSAFPID-764752",
            "CSAFPID-764764",
            "CSAFPID-764765",
            "CSAFPID-764766",
            "CSAFPID-764767",
            "CSAFPID-764779",
            "CSAFPID-94075",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-611390",
            "CSAFPID-764803",
            "CSAFPID-764813",
            "CSAFPID-764822",
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2022-45061"
    },
    {
      "cve": "CVE-2022-46337",
      "product_status": {
        "known_affected": [
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-1673384",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-764752",
          "CSAFPID-764275",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-912046",
          "CSAFPID-912045",
          "CSAFPID-912044",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-764250",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816317",
          "CSAFPID-816845",
          "CSAFPID-342816",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-816361",
          "CSAFPID-764813",
          "CSAFPID-220643",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-667692"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-46337",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-1673384",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-764752",
            "CSAFPID-764275",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-912046",
            "CSAFPID-912045",
            "CSAFPID-912044",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-764250",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816317",
            "CSAFPID-816845",
            "CSAFPID-342816",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-816361",
            "CSAFPID-764813",
            "CSAFPID-220643",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-667692"
          ]
        }
      ],
      "title": "CVE-2022-46337"
    },
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650584",
          "CSAFPID-1650835",
          "CSAFPID-1650506",
          "CSAFPID-1650515",
          "CSAFPID-816317",
          "CSAFPID-816845",
          "CSAFPID-342816",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816361",
          "CSAFPID-764813",
          "CSAFPID-220643",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-667692",
          "CSAFPID-89587",
          "CSAFPID-1673397",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-345049",
          "CSAFPID-816801",
          "CSAFPID-611390",
          "CSAFPID-611394",
          "CSAFPID-611417",
          "CSAFPID-764250",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2976",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650584",
            "CSAFPID-1650835",
            "CSAFPID-1650506",
            "CSAFPID-1650515",
            "CSAFPID-816317",
            "CSAFPID-816845",
            "CSAFPID-342816",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816361",
            "CSAFPID-764813",
            "CSAFPID-220643",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-667692",
            "CSAFPID-89587",
            "CSAFPID-1673397",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-345049",
            "CSAFPID-816801",
            "CSAFPID-611390",
            "CSAFPID-611394",
            "CSAFPID-611417",
            "CSAFPID-764250",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-4043",
      "cwe": {
        "id": "CWE-834",
        "name": "Excessive Iteration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673405",
          "CSAFPID-1673397",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-764250",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4043",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673405",
            "CSAFPID-1673397",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-764250",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2023-4043"
    },
    {
      "cve": "CVE-2023-4759",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673397",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4759",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673397",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2023-4759"
    },
    {
      "cve": "CVE-2023-4863",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-816846",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-342816",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-816798",
          "CSAFPID-816801"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4863",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4863.json"
        }
      ],
      "title": "CVE-2023-4863"
    },
    {
      "cve": "CVE-2023-5072",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650575",
          "CSAFPID-1650515",
          "CSAFPID-1650835",
          "CSAFPID-89587",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-764250",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5072",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650575",
            "CSAFPID-1650515",
            "CSAFPID-1650835",
            "CSAFPID-89587",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-764250",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-26031",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Search Path",
          "title": "CWE-426"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673384",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26031",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673384",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2023-26031"
    },
    {
      "cve": "CVE-2023-26551",
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26551",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26551.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-26551"
    },
    {
      "cve": "CVE-2023-26552",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26552",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-26552"
    },
    {
      "cve": "CVE-2023-26553",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26553",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-26553"
    },
    {
      "cve": "CVE-2023-26554",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26554",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-26554"
    },
    {
      "cve": "CVE-2023-26555",
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26555",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26555.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-26555"
    },
    {
      "cve": "CVE-2023-28484",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764250",
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-220886",
          "CSAFPID-816317",
          "CSAFPID-764813",
          "CSAFPID-89587",
          "CSAFPID-342816",
          "CSAFPID-345049",
          "CSAFPID-764752",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-611390",
          "CSAFPID-611394",
          "CSAFPID-611417",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-220643",
          "CSAFPID-667692",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-28484",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764250",
            "CSAFPID-764731",
            "CSAFPID-764732",
            "CSAFPID-764733",
            "CSAFPID-220886",
            "CSAFPID-816317",
            "CSAFPID-764813",
            "CSAFPID-89587",
            "CSAFPID-342816",
            "CSAFPID-345049",
            "CSAFPID-764752",
            "CSAFPID-764764",
            "CSAFPID-764765",
            "CSAFPID-764766",
            "CSAFPID-764767",
            "CSAFPID-611390",
            "CSAFPID-611394",
            "CSAFPID-611417",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-220643",
            "CSAFPID-667692",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871"
          ]
        }
      ],
      "title": "CVE-2023-28484"
    },
    {
      "cve": "CVE-2023-29469",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-611417",
          "CSAFPID-764731",
          "CSAFPID-764732",
          "CSAFPID-764733",
          "CSAFPID-816317",
          "CSAFPID-89587",
          "CSAFPID-220886",
          "CSAFPID-342816",
          "CSAFPID-345049",
          "CSAFPID-764752",
          "CSAFPID-611390",
          "CSAFPID-611394",
          "CSAFPID-764764",
          "CSAFPID-764765",
          "CSAFPID-764766",
          "CSAFPID-764767",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-220643",
          "CSAFPID-667692",
          "CSAFPID-764813",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-764250",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-29469",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-611417",
            "CSAFPID-764731",
            "CSAFPID-764732",
            "CSAFPID-764733",
            "CSAFPID-816317",
            "CSAFPID-89587",
            "CSAFPID-220886",
            "CSAFPID-342816",
            "CSAFPID-345049",
            "CSAFPID-764752",
            "CSAFPID-611390",
            "CSAFPID-611394",
            "CSAFPID-764764",
            "CSAFPID-764765",
            "CSAFPID-764766",
            "CSAFPID-764767",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-220643",
            "CSAFPID-667692",
            "CSAFPID-764813",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-764250",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871"
          ]
        }
      ],
      "title": "CVE-2023-29469"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764250",
          "CSAFPID-611394",
          "CSAFPID-1650584",
          "CSAFPID-1673397",
          "CSAFPID-912561",
          "CSAFPID-345049",
          "CSAFPID-611390",
          "CSAFPID-611417",
          "CSAFPID-764274",
          "CSAFPID-764275",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764250",
            "CSAFPID-611394",
            "CSAFPID-1650584",
            "CSAFPID-1673397",
            "CSAFPID-912561",
            "CSAFPID-345049",
            "CSAFPID-611390",
            "CSAFPID-611417",
            "CSAFPID-764274",
            "CSAFPID-764275",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-37920",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-1503575",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-37920",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-1503575",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612"
          ]
        }
      ],
      "title": "CVE-2023-37920"
    },
    {
      "cve": "CVE-2023-39410",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673404",
          "CSAFPID-1673384",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-764250",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39410",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673404",
            "CSAFPID-1673384",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-764250",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871"
          ]
        }
      ],
      "title": "CVE-2023-39410"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650757",
          "CSAFPID-1650758",
          "CSAFPID-1650759",
          "CSAFPID-1650760",
          "CSAFPID-1650761",
          "CSAFPID-89587",
          "CSAFPID-816361",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-667692",
          "CSAFPID-764250",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503603",
          "CSAFPID-1503575",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650757",
            "CSAFPID-1650758",
            "CSAFPID-1650759",
            "CSAFPID-1650760",
            "CSAFPID-1650761",
            "CSAFPID-89587",
            "CSAFPID-816361",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-667692",
            "CSAFPID-764250",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503603",
            "CSAFPID-1503575",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-44981",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650515",
          "CSAFPID-89587",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-764250",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44981",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44981.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650515",
            "CSAFPID-89587",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-764250",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601"
          ]
        }
      ],
      "title": "CVE-2023-44981"
    },
    {
      "cve": "CVE-2023-45288",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45288",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-45288"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650765",
          "CSAFPID-1650757",
          "CSAFPID-1650758",
          "CSAFPID-1650767",
          "CSAFPID-1650759",
          "CSAFPID-1650760",
          "CSAFPID-1650761",
          "CSAFPID-89587",
          "CSAFPID-220643",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-764250",
          "CSAFPID-764813",
          "CSAFPID-816317",
          "CSAFPID-816361",
          "CSAFPID-816798",
          "CSAFPID-816799",
          "CSAFPID-816800",
          "CSAFPID-816801",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-816852",
          "CSAFPID-816853",
          "CSAFPID-816854",
          "CSAFPID-816855",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-816870",
          "CSAFPID-816871",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-1503603",
          "CSAFPID-1503612",
          "CSAFPID-1503575",
          "CSAFPID-1503640",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650765",
            "CSAFPID-1650757",
            "CSAFPID-1650758",
            "CSAFPID-1650767",
            "CSAFPID-1650759",
            "CSAFPID-1650760",
            "CSAFPID-1650761",
            "CSAFPID-89587",
            "CSAFPID-220643",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-764250",
            "CSAFPID-764813",
            "CSAFPID-816317",
            "CSAFPID-816361",
            "CSAFPID-816798",
            "CSAFPID-816799",
            "CSAFPID-816800",
            "CSAFPID-816801",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-816852",
            "CSAFPID-816853",
            "CSAFPID-816854",
            "CSAFPID-816855",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-816870",
            "CSAFPID-816871",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-1503603",
            "CSAFPID-1503612",
            "CSAFPID-1503575",
            "CSAFPID-1503640",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-49083",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-342816",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-816798",
          "CSAFPID-816801",
          "CSAFPID-816846",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-816845",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-49083",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-342816",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-816798",
            "CSAFPID-816801",
            "CSAFPID-816846",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-816845",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2023-49083"
    },
    {
      "cve": "CVE-2023-51384",
      "cwe": {
        "id": "CWE-304",
        "name": "Missing Critical Step in Authentication"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Critical Step in Authentication",
          "title": "CWE-304"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-51384",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51384.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-51384"
    },
    {
      "cve": "CVE-2023-51385",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-51385",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51385.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2023-51385"
    },
    {
      "cve": "CVE-2023-52425",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52425",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2023-52426",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
          "title": "CWE-776"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52426",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2023-52426"
    },
    {
      "cve": "CVE-2024-1874",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673422",
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-1874",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1874.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673422",
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-1874"
    },
    {
      "cve": "CVE-2024-2408",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        },
        {
          "category": "other",
          "text": "Observable Timing Discrepancy",
          "title": "CWE-208"
        },
        {
          "category": "other",
          "text": "Use of a Broken or Risky Cryptographic Algorithm",
          "title": "CWE-327"
        },
        {
          "category": "other",
          "text": "Covert Timing Channel",
          "title": "CWE-385"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673422",
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2408",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2408.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673422",
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-2408"
    },
    {
      "cve": "CVE-2024-2511",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improperly Controlled Sequential Memory Allocation",
          "title": "CWE-1325"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-1673479",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2511",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-1673479",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-2511"
    },
    {
      "cve": "CVE-2024-4577",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
          "title": "CWE-88"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673422",
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4577",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673422",
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-4577"
    },
    {
      "cve": "CVE-2024-4603",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-1673479",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4603",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-1673479",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-4603"
    },
    {
      "cve": "CVE-2024-4741",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-1673479",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4741",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-1673479",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-4741"
    },
    {
      "cve": "CVE-2024-5458",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673422",
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5458",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5458.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673422",
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-5458"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673508",
          "CSAFPID-1673525"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673508",
            "CSAFPID-1673525"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-5585",
      "cwe": {
        "id": "CWE-116",
        "name": "Improper Encoding or Escaping of Output"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
          "title": "CWE-88"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673422",
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5585",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673422",
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-5585"
    },
    {
      "cve": "CVE-2024-6119",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673508",
          "CSAFPID-1673525"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6119",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673508",
            "CSAFPID-1673525"
          ]
        }
      ],
      "title": "CVE-2024-6119"
    },
    {
      "cve": "CVE-2024-6232",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
        }
      ],
      "title": "CVE-2024-6232"
    },
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673529",
          "CSAFPID-1673479",
          "CSAFPID-1673511",
          "CSAFPID-1673512"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673529",
            "CSAFPID-1673479",
            "CSAFPID-1673511",
            "CSAFPID-1673512"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2024-7592",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7592",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
        }
      ],
      "title": "CVE-2024-7592"
    },
    {
      "cve": "CVE-2024-21131",
      "product_status": {
        "known_affected": [
          "CSAFPID-1503299",
          "CSAFPID-1503306",
          "CSAFPID-1503302",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json"
        }
      ],
      "title": "CVE-2024-21131"
    },
    {
      "cve": "CVE-2024-21138",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21138",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21138.json"
        }
      ],
      "title": "CVE-2024-21138"
    },
    {
      "cve": "CVE-2024-21140",
      "product_status": {
        "known_affected": [
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503299",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21140",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21140.json"
        }
      ],
      "title": "CVE-2024-21140"
    },
    {
      "cve": "CVE-2024-21144",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21144",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json"
        }
      ],
      "title": "CVE-2024-21144"
    },
    {
      "cve": "CVE-2024-21145",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503299",
          "CSAFPID-1503306",
          "CSAFPID-1503302",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21145",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json"
        }
      ],
      "title": "CVE-2024-21145"
    },
    {
      "cve": "CVE-2024-21147",
      "product_status": {
        "known_affected": [
          "CSAFPID-1503306",
          "CSAFPID-1503302",
          "CSAFPID-1503299",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21147",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21147.json"
        }
      ],
      "title": "CVE-2024-21147"
    },
    {
      "cve": "CVE-2024-21233",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673442",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21233",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21233.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673385",
            "CSAFPID-1673442",
            "CSAFPID-1673386"
          ]
        }
      ],
      "title": "CVE-2024-21233"
    },
    {
      "cve": "CVE-2024-21242",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673443",
          "CSAFPID-1673444",
          "CSAFPID-1673445"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21242",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21242.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673443",
            "CSAFPID-1673444",
            "CSAFPID-1673445"
          ]
        }
      ],
      "title": "CVE-2024-21242"
    },
    {
      "cve": "CVE-2024-21251",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673450",
          "CSAFPID-1673451",
          "CSAFPID-1673452"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21251",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21251.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673450",
            "CSAFPID-1673451",
            "CSAFPID-1673452"
          ]
        }
      ],
      "title": "CVE-2024-21251"
    },
    {
      "cve": "CVE-2024-21261",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673144",
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21261",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21261.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673144",
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2024-21261"
    },
    {
      "cve": "CVE-2024-22018",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22018",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-22018"
    },
    {
      "cve": "CVE-2024-22020",
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22020",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-22020"
    },
    {
      "cve": "CVE-2024-22201",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673384",
          "CSAFPID-342816",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-816798",
          "CSAFPID-816801",
          "CSAFPID-816846",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-816845",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673384",
            "CSAFPID-342816",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-816798",
            "CSAFPID-816801",
            "CSAFPID-816846",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-816845",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-23807",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650831",
          "CSAFPID-1650825",
          "CSAFPID-1673479",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23807",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650831",
            "CSAFPID-1650825",
            "CSAFPID-1673479",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-23807"
    },
    {
      "cve": "CVE-2024-23944",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673384",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23944",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23944.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673384",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-23944"
    },
    {
      "cve": "CVE-2024-24989",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24989",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24989.json"
        }
      ],
      "title": "CVE-2024-24989"
    },
    {
      "cve": "CVE-2024-24990",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24990",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24990.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-24990"
    },
    {
      "cve": "CVE-2024-25710",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-1673384",
          "CSAFPID-816871",
          "CSAFPID-816798",
          "CSAFPID-816801",
          "CSAFPID-342816",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-816846",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-912046",
          "CSAFPID-1503640",
          "CSAFPID-816845",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25710",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-1673384",
            "CSAFPID-816871",
            "CSAFPID-816798",
            "CSAFPID-816801",
            "CSAFPID-342816",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-816846",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-912046",
            "CSAFPID-1503640",
            "CSAFPID-816845",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-26130",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-342816",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-816798",
          "CSAFPID-816801",
          "CSAFPID-816846",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-816845",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26130",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-342816",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-816798",
            "CSAFPID-816801",
            "CSAFPID-816846",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-816845",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-26130"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-1673384",
          "CSAFPID-816871",
          "CSAFPID-816798",
          "CSAFPID-342816",
          "CSAFPID-764275",
          "CSAFPID-764752",
          "CSAFPID-816801",
          "CSAFPID-816846",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912561",
          "CSAFPID-912567",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-816845",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26308",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-1673384",
            "CSAFPID-816871",
            "CSAFPID-816798",
            "CSAFPID-342816",
            "CSAFPID-764275",
            "CSAFPID-764752",
            "CSAFPID-816801",
            "CSAFPID-816846",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912561",
            "CSAFPID-912567",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-816845",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27983",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-27983"
    },
    {
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Detection of Error Condition Without Action",
          "title": "CWE-390"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673442",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673442",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28849",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-28849"
    },
    {
      "cve": "CVE-2024-28887",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Search Path Element",
          "title": "CWE-427"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673442",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28887",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28887.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673385",
            "CSAFPID-1673442",
            "CSAFPID-1673386"
          ]
        }
      ],
      "title": "CVE-2024-28887"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673488",
          "CSAFPID-1673489",
          "CSAFPID-1673491",
          "CSAFPID-1673492",
          "CSAFPID-1673493",
          "CSAFPID-1673495",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673488",
            "CSAFPID-1673489",
            "CSAFPID-1673491",
            "CSAFPID-1673492",
            "CSAFPID-1673493",
            "CSAFPID-1673495",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673497",
          "CSAFPID-1673397",
          "CSAFPID-1673384",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673497",
            "CSAFPID-1673397",
            "CSAFPID-1673384",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673497",
          "CSAFPID-1673397",
          "CSAFPID-1673384",
          "CSAFPID-1503575",
          "CSAFPID-1503603",
          "CSAFPID-764250",
          "CSAFPID-1503612",
          "CSAFPID-1503640",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-816846",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503661",
          "CSAFPID-1503663",
          "CSAFPID-764813"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29133",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673497",
            "CSAFPID-1673397",
            "CSAFPID-1673384",
            "CSAFPID-1503575",
            "CSAFPID-1503603",
            "CSAFPID-764250",
            "CSAFPID-1503612",
            "CSAFPID-1503640",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-816846",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503661",
            "CSAFPID-1503663",
            "CSAFPID-764813"
          ]
        }
      ],
      "title": "CVE-2024-29133"
    },
    {
      "cve": "CVE-2024-31079",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-31079",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31079.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-31079"
    },
    {
      "cve": "CVE-2024-32760",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-32760",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-32760"
    },
    {
      "cve": "CVE-2024-34161",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34161",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34161.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-34161"
    },
    {
      "cve": "CVE-2024-34750",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Exceptional Conditions",
          "title": "CWE-755"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673504",
          "CSAFPID-1673506"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34750",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673504",
            "CSAFPID-1673506"
          ]
        }
      ],
      "title": "CVE-2024-34750"
    },
    {
      "cve": "CVE-2024-35200",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35200",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35200.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-35200"
    },
    {
      "cve": "CVE-2024-36137",
      "cwe": {
        "id": "CWE-275",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-275",
          "title": "CWE-275"
        },
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36137",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-36137"
    },
    {
      "cve": "CVE-2024-36138",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36138",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
        }
      ],
      "title": "CVE-2024-36138"
    },
    {
      "cve": "CVE-2024-36387",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-36387"
    },
    {
      "cve": "CVE-2024-37370",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673507",
          "CSAFPID-1673508",
          "CSAFPID-1673509"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37370",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673507",
            "CSAFPID-1673508",
            "CSAFPID-1673509"
          ]
        }
      ],
      "title": "CVE-2024-37370"
    },
    {
      "cve": "CVE-2024-37371",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673507",
          "CSAFPID-1673508",
          "CSAFPID-1673509"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37371",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673507",
            "CSAFPID-1673508",
            "CSAFPID-1673509"
          ]
        }
      ],
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-37372",
      "product_status": {
        "known_affected": [
          "CSAFPID-89587"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37372",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-89587"
          ]
        }
      ],
      "title": "CVE-2024-37372"
    },
    {
      "cve": "CVE-2024-38356",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673510",
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38356",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38356.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673510",
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2024-38356"
    },
    {
      "cve": "CVE-2024-38357",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673510",
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38357",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38357.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673510",
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2024-38357"
    },
    {
      "cve": "CVE-2024-38472",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38472",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-38472"
    },
    {
      "cve": "CVE-2024-38473",
      "cwe": {
        "id": "CWE-172",
        "name": "Encoding Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Encoding Error",
          "title": "CWE-172"
        },
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38473",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-38473"
    },
    {
      "cve": "CVE-2024-38474",
      "cwe": {
        "id": "CWE-172",
        "name": "Encoding Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Encoding Error",
          "title": "CWE-172"
        },
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38474",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-38474"
    },
    {
      "cve": "CVE-2024-38475",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38475",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-38475"
    },
    {
      "cve": "CVE-2024-38476",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Inclusion of Functionality from Untrusted Control Sphere",
          "title": "CWE-829"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38476",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-38476"
    },
    {
      "cve": "CVE-2024-38477",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38477",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-38477"
    },
    {
      "cve": "CVE-2024-38998",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673511",
          "CSAFPID-1673512",
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673511",
            "CSAFPID-1673512",
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2024-38998"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673511",
          "CSAFPID-1673512",
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673511",
            "CSAFPID-1673512",
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-39573",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-39573",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-39573"
    },
    {
      "cve": "CVE-2024-39884",
      "cwe": {
        "id": "CWE-18",
        "name": "-"
      },
      "notes": [
        {
          "category": "other",
          "text": "CWE-18",
          "title": "CWE-18"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-39884",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39884.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-39884"
    },
    {
      "cve": "CVE-2024-40725",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Exposure of Resource to Wrong Sphere",
          "title": "CWE-668"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-1673479"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-40725",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40725.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-1673479"
          ]
        }
      ],
      "title": "CVE-2024-40725"
    },
    {
      "cve": "CVE-2024-40898",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-345049",
          "CSAFPID-611417",
          "CSAFPID-1673479"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-40898",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-345049",
            "CSAFPID-611417",
            "CSAFPID-1673479"
          ]
        }
      ],
      "title": "CVE-2024-40898"
    },
    {
      "cve": "CVE-2024-45490",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "other",
          "text": "Incorrect Calculation of Buffer Size",
          "title": "CWE-131"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673442",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45490",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673385",
            "CSAFPID-1673442",
            "CSAFPID-1673386"
          ]
        }
      ],
      "title": "CVE-2024-45490"
    },
    {
      "cve": "CVE-2024-45491",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673442",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45491",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673385",
            "CSAFPID-1673442",
            "CSAFPID-1673386"
          ]
        }
      ],
      "title": "CVE-2024-45491"
    },
    {
      "cve": "CVE-2024-45492",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673385",
          "CSAFPID-1673442",
          "CSAFPID-1673386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45492",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673385",
            "CSAFPID-1673442",
            "CSAFPID-1673386"
          ]
        }
      ],
      "title": "CVE-2024-45492"
    },
    {
      "cve": "CVE-2024-45801",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45801",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2024-45801"
    }
  ]
}

NCSC-2024-0414

Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:17 - Updated: 2024-10-17 13:17

Summary

Kwetsbaarheden verholpen in Oracle Communications

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipuleren van gegevens - Uitvoer van willekeurige code (Gebruikersrechten) - Uitvoer van willekeurige code (Administratorrechten) - Toegang tot gevoelige gegevens

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-122: Heap-based Buffer Overflow

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-20: Improper Input Validation

CWE-466: Return of Pointer Value Outside of Expected Range

CWE-606: Unchecked Input for Loop Condition

CWE-390: Detection of Error Condition Without Action

CWE-405: Asymmetric Resource Consumption (Amplification)

CWE-222: Truncation of Security-relevant Information

CWE-364: Signal Handler Race Condition

CWE-450: Multiple Interpretations of UI Input

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-772: Missing Release of Resource after Effective Lifetime

CWE-669: Incorrect Resource Transfer Between Spheres

CWE-126: Buffer Over-read

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-755: Improper Handling of Exceptional Conditions

CWE-834: Excessive Iteration

CWE-407: Inefficient Algorithmic Complexity

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-703: Improper Check or Handling of Exceptional Conditions

CWE-427: Uncontrolled Search Path Element

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CWE-195: Signed to Unsigned Conversion Error

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-116: Improper Encoding or Escaping of Output

CWE-345: Insufficient Verification of Data Authenticity

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-190: Integer Overflow or Wraparound

CWE-61: UNIX Symbolic Link (Symlink) Following

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-284: Improper Access Control

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-416: Use After Free

CWE-401: Missing Release of Memory after Effective Lifetime

CWE-476: NULL Pointer Dereference

CWE-459: Incomplete Cleanup

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-248: Uncaught Exception

CWE-674: Uncontrolled Recursion

CWE-918: Server-Side Request Forgery (SSRF)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-37137

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 155 products

Product	Identifier	Version
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.45:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.15:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*`	—
communications_services_gatekeeper oracle	`cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.0:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.1:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:4.4:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:8.4:::::::*`	—
communications_unified_session_manager oracle	`cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.3:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.2:::::::*`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_session_manager oracle	`cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:::::::*`	—
communications_interactive_session_recorder oracle	`cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*`	—
communications_eagle_software oracle	`cpe:2.3:a:oracle:communications_eagle_software:46.7.0:::::::*`	—
communications_eagle_software oracle	`cpe:2.3:a:oracle:communications_eagle_software::::::::`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_session_route_manager oracle	`cpe:2.3:a:oracle:communications_session_route_manager::::::::`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:::::::*`	—
communications_evolved_communications_application_server oracle	`cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*`	—
communications_performance_intelligence_center__pic__software oracle	`cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software::::::::`	—
communications_performance_intelligence_center__pic__software oracle	`cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.4:::::::*`	—
communications_eagle_ftp_table_base_retrieval oracle	`cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*`	—
communications_eagle_lnp_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:::::::*`	—
communications_eagle_lnp_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:::::::*`	—
communications_eagle_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:::::::*`	—
communications_diameter_intelligence_hub oracle	`cpe:2.3:a:oracle:communications_diameter_intelligence_hub::::::::`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:::::::*`	—
communications_metasolv_solution oracle	`cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.3:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.3.5:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio::::::::`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.2.2:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:::::::*`	—
communications_contacts_server oracle	`cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—

CVE-2022-2068

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 125 products

Product	Identifier	Version
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.45:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.15:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*`	—
communications_services_gatekeeper oracle	`cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.0:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.1:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:8.4:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.2:::::::*`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*`	—
communications_metasolv_solution oracle	`cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.3:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:::::::*`	—
communications_data_model oracle	`cpe:2.3:a:oracle:communications_data_model:12.2.0.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:::::::*`	—
communications_converged_application_server_-_service_controller oracle	`cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0:::::::*`	—
communications_evolved_communications_application_server oracle	`cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*`	—
communications_interactive_session_recorder oracle	`cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2022-2601

8.6 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 31 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2022-23437

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 271 products

Product	Identifier	Version
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.3:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:::::::*`	—
communications_metasolv_solution oracle	`cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.3:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:::::::*`	—
communications_converged_application_server_-_service_controller oracle	`cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_calendar_server oracle	`cpe:2.3:a:oracle:communications_calendar_server::::::::`	—
communications_contacts_server oracle	`cpe:2.3:a:oracle:communications_contacts_server::::::::`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.2:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:::::::*`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.45:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.15:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.1:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*`	—
communications_services_gatekeeper oracle	`cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.0:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.1:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_converged_application_server oracle	`cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:::::::*`	—
communications_converged_application_server oracle	`cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:::::::*`	—
communications_diameter_intelligence_hub oracle	`cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:::::::*`	—
communications_performance_intelligence_center__pic__software oracle	`cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:::::::*`	—
communications_calendar_server oracle	`cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:::::::*`	—
communications_contacts_server oracle	`cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.2:::::::*`	—
communications_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_elastic_charging_engine::::::::`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:::::::*`	—
communications_converged_application_server_-_service_controller oracle	`cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0:::::::*`	—
communications_evolved_communications_application_server oracle	`cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*`	—
communications_interactive_session_recorder oracle	`cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:8.4:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:::::::*`	—
communications_data_model oracle	`cpe:2.3:a:oracle:communications_data_model:12.2.0.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:4.3:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:4.4:::::::*`	—
communications_unified_session_manager oracle	`cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:::::::*`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_session_manager oracle	`cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:::::::*`	—
communications_eagle_software oracle	`cpe:2.3:a:oracle:communications_eagle_software:46.7.0:::::::*`	—
communications_eagle_software oracle	`cpe:2.3:a:oracle:communications_eagle_software::::::::`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_session_route_manager oracle	`cpe:2.3:a:oracle:communications_session_route_manager::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:::::::*`	—
communications_performance_intelligence_center__pic__software oracle	`cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software::::::::`	—
communications_performance_intelligence_center__pic__software oracle	`cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.4:::::::*`	—
communications_eagle_ftp_table_base_retrieval oracle	`cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*`	—
communications_eagle_lnp_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:::::::*`	—
communications_eagle_lnp_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:::::::*`	—
communications_eagle_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:::::::*`	—
communications_diameter_intelligence_hub oracle	`cpe:2.3:a:oracle:communications_diameter_intelligence_hub::::::::`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.3.5:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio::::::::`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.2.2:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:::::::*`	—
communications_contacts_server oracle	`cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:::::::*`	—
communications_lsms oracle	`cpe:2.3:a:oracle:communications_lsms:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2022-36760

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 124 products

Product	Identifier	Version
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:::::::*`	—
communications_converged_application_server_-_service_controller oracle	`cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_calendar_server oracle	`cpe:2.3:a:oracle:communications_calendar_server::::::::`	—
communications_contacts_server oracle	`cpe:2.3:a:oracle:communications_contacts_server::::::::`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.2:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:::::::*`	—
communications_design_studio oracle	`cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:::::::*`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:::::::*`	—
communications_cloud_native_configuration_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:8.45:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.15:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.1:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*`	—
communications_services_gatekeeper oracle	`cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.0:::::::*`	—
communications_session_router oracle	`cpe:2.3:a:oracle:communications_session_router:9.1:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:::::::*`	—
communications_subscriber-aware_load_balancer oracle	`cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2023-2953

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 39 products

Product	Identifier	Version
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2023-3635

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-195 - Signed to Unsigned Conversion Error

Affected products

Known affected 163 products

CVE-2023-4043

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-834 - Excessive Iteration

Affected products

Known affected 176 products

CVE-2023-5685

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 107 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2023-6597

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-61 - UNIX Symbolic Link (Symlink) Following

Affected products

Known affected 94 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2023-6816

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 31 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2023-38408

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 65 products

Product	Identifier	Version
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_metasolv_solution oracle	`cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2023-43642

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 75 products

CVE-2023-46136

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Known affected 46 products

Product	Identifier	Version
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2023-48795

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-222 - Truncation of Security-relevant Information

Affected products

Known affected 206 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.4.53:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.2:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_instant_messaging_server oracle	`cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:::::::*`	—
communications_metasolv_solution oracle	`cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:::::::*`	—
communications_order_and_service_management oracle	`cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:::::::*`	—
communications_eagle_application_processor oracle	`cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager:9.0.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_convergence oracle	`cpe:2.3:a:oracle:communications_convergence:3.0.3.3:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—

CVE-2023-51775

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 157 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2023-52428

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 98 products

CVE-2024-0450

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-450 - Multiple Interpretations of UI Input

Affected products

Known affected 105 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-2398

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Known affected 36 products

Product	Identifier	Version
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-4577

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Affected products

Known affected 32 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-4603

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-606 - Unchecked Input for Loop Condition

Affected products

Known affected 92 products

Product	Identifier	Version
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-5585

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-116 - Improper Encoding or Escaping of Output

Affected products

Known affected 13 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—

CVE-2024-5971

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 40 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-6162

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 107 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-6387

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 32 products

Product	Identifier	Version
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-7254

CWE-20 - Improper Input Validation

Affected products

Known affected 36 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-7264

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—

CVE-2024-22020

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 33 products

Product	Identifier	Version
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-22201

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 149 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2024-22257

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 156 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2024-22262

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Known affected 106 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-23672

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-459 - Incomplete Cleanup

Affected products

Known affected 144 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2024-23807

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 103 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*`	—
communications_ip_service_activator oracle	`cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:::::::*`	—
communications_messaging_server oracle	`cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-24549

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 137 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2024-25062

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Affected products

Known affected 157 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2024-25638

8.9 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

CWE-345 - Insufficient Verification of Data Authenticity

Affected products

Known affected 34 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-26308

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 156 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.3.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.7.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:22.4.0:::::::*`	—
communications___9.0.2 oracle	`cpe:2.3:a:oracle:communications___9.0.2::::::::`	—
communications___7.2.1.0.0 oracle	`cpe:2.3:a:oracle:communications___7.2.1.0.0::::::::`	—
communications___23.4.2 oracle	`cpe:2.3:a:oracle:communications___23.4.2::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—
communications_network_integrity oracle	`cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management::::::::`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:::::::*`	—
communications_offline_mediation_controller oracle	`cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:::::::*`	—
communications_fraud_monitor oracle	`cpe:2.3:a:oracle:communications_fraud_monitor:5.2:::::::*`	—
communications_webrtc_session_controller oracle	`cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—

CVE-2024-28182

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 116 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_performance_intelligence_center oracle	`cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_certificate_management oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-28849

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 104 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-29025

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 108 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:10.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:46.6.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications___23.4.3 oracle	`cpe:2.3:a:oracle:communications___23.4.3::::::::`	—
communications___23.4.4 oracle	`cpe:2.3:a:oracle:communications___23.4.4::::::::`	—
communications___8.6.0.6 oracle	`cpe:2.3:a:oracle:communications___8.6.0.6::::::::`	—
communications___8.6.0.8 oracle	`cpe:2.3:a:oracle:communications___8.6.0.8::::::::`	—
communications___9.0.3 oracle	`cpe:2.3:a:oracle:communications___9.0.3::::::::`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-29133

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 75 products

CVE-2024-29736

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 32 products

Product	Identifier	Version
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-29857

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 93 products

Product	Identifier	Version
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function::::::::`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:::::::*`	—
communications_cloud_native_core_network_data_analytics_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:::::::*`	—
communications_cloud_native_core_network_exposure_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:::::::*`	—
communications_cloud_native_core_network_function_cloud_native_environment oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy::::::::`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:::::::*`	—
communications_diameter_signaling_router oracle	`cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:::::::*`	—
communications_eagle_element_management_system oracle	`cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:::::::*`	—
communications_element_manager oracle	`cpe:2.3:a:oracle:communications_element_manager::::::::`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications_performance_intelligence oracle	`cpe:2.3:a:oracle:communications_performance_intelligence:10.5:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:::::::*`	—
communications_policy_management oracle	`cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_report_manager oracle	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:::::::*`	—
communications_asap oracle	`cpe:2.3:a:oracle:communications_asap:7.4:::::::*`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::`	—
communications_brm_-_elastic_charging_engine oracle	`cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:::::::*`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::`	—
communications_billing_and_revenue_management oracle	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:::::::*`	—
communications_converged_charging_system oracle	`cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:::::::*`	—
communications_convergent_charging_controller oracle	`cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control::::::::`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:::::::*`	—
communications_network_charging_and_control oracle	`cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center::::::::`	—
communications_pricing_design_center oracle	`cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:::::::*`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design::::::::`	—
communications_service_catalog_and_design oracle	`cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance::::::::`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*`	—
communications_unified_inventory_management oracle	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*`	—

CVE-2024-30251

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 32 products

Product	Identifier	Version
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-31080

CWE-126 - Buffer Over-read

Affected products

Known affected 31 products

Product	Identifier	Version
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-31744

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 35 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-32760

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 33 products

Product	Identifier	Version
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.1:::::::*`	—
communications_operations_monitor oracle	`cpe:2.3:a:oracle:communications_operations_monitor:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-33602

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-466 - Return of Pointer Value Outside of Expected Range

Affected products

Known affected 41 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:::::::*`	—
communications_session_border_controller oracle	`cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_core_session_manager oracle	`cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-34750

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 - Improper Handling of Exceptional Conditions

Affected products

Known affected 35 products

Product	Identifier	Version
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:14.0:::::::*`	—
communications_user_data_repository oracle	`cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-37371

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 46 products

Product	Identifier	Version
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_service_communication_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_network_analytics_data_director oracle	`cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:::::::*`	—
communications_cloud_native_core_console oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-37891

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-669 - Incorrect Resource Transfer Between Spheres

Affected products

Known affected 33 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-38816

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 33 products

Product	Identifier	Version
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:::::::*`	—
communications_cloud_native_core_dbtier oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-39689

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-345 - Insufficient Verification of Data Authenticity

Affected products

Known affected 4 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—

CVE-2024-40898

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 48 products

Product	Identifier	Version
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-41817

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-427 - Uncontrolled Search Path Element

Affected products

Known affected 14 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—

CVE-2024-43044

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 41 products

Product	Identifier	Version
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:::::::*`	—
communications_cloud_native_core_network_slice_selection_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:::::::*`	—
communications_cloud_native_core_security_edge_protection_proxy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:::::::*`	—
communications_cloud_native_core_network_repository_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:::::::*`	—
communications_cloud_native_core_automated_test_suite oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

CVE-2024-45492

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 48 products

Product	Identifier	Version
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:::::::*`	—
communications_cloud_native_core_unified_data_repository oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:::::::*`	—
communications_unified_assurance oracle	`cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:::::::*`	—
communications_cloud_native_core_policy oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:::::::*`	—
communications_cloud_native_core_binding_support_function oracle	`cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:8.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.4.1:::::::*`	—
communications_applications oracle	`cpe:2.3:a:oracle:communications_applications:7.5.0:::::::*`	—
communications_applications___6.0.4 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.4::::::::`	—
communications_applications___6.0.5 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.5::::::::`	—
communications_applications___5.5.22 oracle	`cpe:2.3:a:oracle:communications_applications___5.5.22::::::::`	—
communications_applications___12.0.6.0.0 oracle	`cpe:2.3:a:oracle:communications_applications___12.0.6.0.0::::::::`	—
communications_applications___6.0.3 oracle	`cpe:2.3:a:oracle:communications_applications___6.0.3::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.11.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:4.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.2.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0.0.0:::::::*`	—
communications__10.4.0.4 oracle	`cpe:2.3:a:oracle:communications__10.4.0.4::::::::`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.9.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:14.0.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:17.0.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.5:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:12.6.1.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.1.1.3.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:5.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.2:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.2.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:24.1.1:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.3:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:9.0.1.10.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.4:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:15.0.0.0.0:::::::*`	—
communications oracle	`cpe:2.3:a:oracle:communications:23.4.0:::::::*`	—
communications___9.1.1.8.0 oracle	`cpe:2.3:a:oracle:communications___9.1.1.8.0::::::::`	—
communications___24.2.0 oracle	`cpe:2.3:a:oracle:communications___24.2.0::::::::`	—
communications___23.4.5 oracle	`cpe:2.3:a:oracle:communications___23.4.5::::::::`	—
communications___23.4.6 oracle	`cpe:2.3:a:oracle:communications___23.4.6::::::::`	—

References

58 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Return of Pointer Value Outside of Expected Range",
        "title": "CWE-466"
      },
      {
        "category": "general",
        "text": "Unchecked Input for Loop Condition",
        "title": "CWE-606"
      },
      {
        "category": "general",
        "text": "Detection of Error Condition Without Action",
        "title": "CWE-390"
      },
      {
        "category": "general",
        "text": "Asymmetric Resource Consumption (Amplification)",
        "title": "CWE-405"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "Signal Handler Race Condition",
        "title": "CWE-364"
      },
      {
        "category": "general",
        "text": "Multiple Interpretations of UI Input",
        "title": "CWE-450"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Missing Release of Resource after Effective Lifetime",
        "title": "CWE-772"
      },
      {
        "category": "general",
        "text": "Incorrect Resource Transfer Between Spheres",
        "title": "CWE-669"
      },
      {
        "category": "general",
        "text": "Buffer Over-read",
        "title": "CWE-126"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
        "title": "CWE-88"
      },
      {
        "category": "general",
        "text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
        "title": "CWE-349"
      },
      {
        "category": "general",
        "text": "Improper Handling of Exceptional Conditions",
        "title": "CWE-755"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Inefficient Algorithmic Complexity",
        "title": "CWE-407"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Improper Check or Handling of Exceptional Conditions",
        "title": "CWE-703"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Signed to Unsigned Conversion Error",
        "title": "CWE-195"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Improper Encoding or Escaping of Output",
        "title": "CWE-116"
      },
      {
        "category": "general",
        "text": "Insufficient Verification of Data Authenticity",
        "title": "CWE-345"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "UNIX Symbolic Link (Symlink) Following",
        "title": "CWE-61"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Missing Release of Memory after Effective Lifetime",
        "title": "CWE-401"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Incomplete Cleanup",
        "title": "CWE-459"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Uncaught Exception",
        "title": "CWE-248"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications",
    "tracking": {
      "current_release_date": "2024-10-17T13:17:52.103171Z",
      "id": "NCSC-2024-0414",
      "initial_release_date": "2024-10-17T13:17:52.103171Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:17:52.103171Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635313",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635305",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635311",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635312",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635323",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670430",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674632",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674630",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635320",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674633",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670439",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635322",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670429",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670435",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670431",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670436",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670432",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635321",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635310",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635318",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674640",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674642",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670434",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635316",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674639",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635314",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674638",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674637",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635306",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635307",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635317",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635319",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670438",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635315",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670433",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674641",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674635",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674636",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1670437",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674631",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1674634",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635308",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications",
            "product": {
              "name": "communications",
              "product_id": "CSAFPID-1635309",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications__10.4.0.4",
            "product": {
              "name": "communications__10.4.0.4",
              "product_id": "CSAFPID-1674629",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.2",
            "product": {
              "name": "communications___23.4.2",
              "product_id": "CSAFPID-1670442",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.3",
            "product": {
              "name": "communications___23.4.3",
              "product_id": "CSAFPID-1635325",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.4",
            "product": {
              "name": "communications___23.4.4",
              "product_id": "CSAFPID-1635326",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.5",
            "product": {
              "name": "communications___23.4.5",
              "product_id": "CSAFPID-1674645",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___23.4.6",
            "product": {
              "name": "communications___23.4.6",
              "product_id": "CSAFPID-1674646",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___24.2.0",
            "product": {
              "name": "communications___24.2.0",
              "product_id": "CSAFPID-1674644",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___7.2.1.0.0",
            "product": {
              "name": "communications___7.2.1.0.0",
              "product_id": "CSAFPID-1670441",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___8.6.0.6",
            "product": {
              "name": "communications___8.6.0.6",
              "product_id": "CSAFPID-1635327",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___8.6.0.8",
            "product": {
              "name": "communications___8.6.0.8",
              "product_id": "CSAFPID-1635328",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___9.0.2",
            "product": {
              "name": "communications___9.0.2",
              "product_id": "CSAFPID-1670440",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___9.0.3",
            "product": {
              "name": "communications___9.0.3",
              "product_id": "CSAFPID-1635329",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications___9.1.1.8.0",
            "product": {
              "name": "communications___9.1.1.8.0",
              "product_id": "CSAFPID-1674643",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674621",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674618",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674619",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674617",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674623",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications",
            "product": {
              "name": "communications_applications",
              "product_id": "CSAFPID-1674620",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___12.0.6.0.0",
            "product": {
              "name": "communications_applications___12.0.6.0.0",
              "product_id": "CSAFPID-1674627",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___5.5.22",
            "product": {
              "name": "communications_applications___5.5.22",
              "product_id": "CSAFPID-1674626",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___6.0.3",
            "product": {
              "name": "communications_applications___6.0.3",
              "product_id": "CSAFPID-1674628",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___6.0.4",
            "product": {
              "name": "communications_applications___6.0.4",
              "product_id": "CSAFPID-1674624",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_applications___6.0.5",
            "product": {
              "name": "communications_applications___6.0.5",
              "product_id": "CSAFPID-1674625",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_asap",
            "product": {
              "name": "communications_asap",
              "product_id": "CSAFPID-204629",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_asap",
            "product": {
              "name": "communications_asap",
              "product_id": "CSAFPID-1673475",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_asap",
            "product": {
              "name": "communications_asap",
              "product_id": "CSAFPID-816792",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-764735",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-1650734",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-204639",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-204627",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-816793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management",
            "product": {
              "name": "communications_billing_and_revenue_management",
              "product_id": "CSAFPID-912557",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_billing_and_revenue_management__-_elastic_charging_engine",
            "product": {
              "name": "communications_billing_and_revenue_management__-_elastic_charging_engine",
              "product_id": "CSAFPID-219835",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-764247",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-209548",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-209549",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-41194",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-1650820",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-765241",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-209546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-209550",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-498607",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_brm_-_elastic_charging_engine",
            "product": {
              "name": "communications_brm_-_elastic_charging_engine",
              "product_id": "CSAFPID-912556",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_calendar_server",
            "product": {
              "name": "communications_calendar_server",
              "product_id": "CSAFPID-764736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_calendar_server",
            "product": {
              "name": "communications_calendar_server",
              "product_id": "CSAFPID-220190",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_configuration_console",
            "product": {
              "name": "communications_cloud_native_configuration_console",
              "product_id": "CSAFPID-391501",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_configuration_console",
            "product": {
              "name": "communications_cloud_native_configuration_console",
              "product_id": "CSAFPID-440102",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-89545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-180215",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-180197",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-220548",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-41516",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-41515",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-220057",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-220055",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-220909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-816765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-816766",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-816767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1503577",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1673416",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1673516",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1673412",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_automated_test_suite",
            "product": {
              "name": "communications_cloud_native_core_automated_test_suite",
              "product_id": "CSAFPID-1673411",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-764237",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-2045",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-40612",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-608629",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-93784",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1899",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-41111",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1685",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-493445",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-294401",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-220547",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-764824",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-220459",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-45184",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-45182",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-45181",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-611405",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-611403",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-611404",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1650752",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1673396",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-912066",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_binding_support_function",
            "product": {
              "name": "communications_cloud_native_core_binding_support_function",
              "product_id": "CSAFPID-1503323",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1673526",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1673391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_certificate_management",
            "product": {
              "name": "communications_cloud_native_core_certificate_management",
              "product_id": "CSAFPID-1673394",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-165550",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-93546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-180195",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-40299",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-187447",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-45186",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-45185",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-220559",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-220558",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-764238",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-764239",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-816768",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-816769",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-912085",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1503578",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1673389",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_console",
            "product": {
              "name": "communications_cloud_native_core_console",
              "product_id": "CSAFPID-1673390",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_dbtier",
            "product": {
              "name": "communications_cloud_native_core_dbtier",
              "product_id": "CSAFPID-1673421",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_dbtier",
            "product": {
              "name": "communications_cloud_native_core_dbtier",
              "product_id": "CSAFPID-1673420",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-764825",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-816770",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-816771",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-912068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_data_analytics_function",
            "product": {
              "name": "communications_cloud_native_core_network_data_analytics_function",
              "product_id": "CSAFPID-1503579",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-180201",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-1900",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-760687",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-40947",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-93635",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-503534",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-90018",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-220327",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-94290",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-220325",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-614513",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-643776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-816772",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-912076",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_exposure_function",
            "product": {
              "name": "communications_cloud_native_core_network_exposure_function",
              "product_id": "CSAFPID-1503580",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-40613",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-2044",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-40301",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-180194",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-449747",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-40298",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-223527",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-449746",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-503493",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-260394",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-219838",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-611387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-618156",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-816773",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912101",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-1673473",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-1503581",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912539",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912540",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912541",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912542",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_function_cloud_native_environment",
            "product": {
              "name": "communications_cloud_native_core_network_function_cloud_native_environment",
              "product_id": "CSAFPID-912543",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-40611",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-40609",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-180198",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-41112",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-41110",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-760688",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-493444",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-93633",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-220056",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-223511",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-216017",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-220889",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-614516",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-816774",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-220918",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-614515",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-614514",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-816346",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-912077",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1503322",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1673413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-1673415",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-816775",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_repository_function",
            "product": {
              "name": "communications_cloud_native_core_network_repository_function",
              "product_id": "CSAFPID-912544",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-40608",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-180199",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-41113",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-260395",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-260393",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816348",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-912545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816347",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-1673494",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-1673501",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_network_slice_selection_function",
            "product": {
              "name": "communications_cloud_native_core_network_slice_selection_function",
              "product_id": "CSAFPID-816777",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-764240",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-220468",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-2310",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-93547",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-180200",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-180193",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1898",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-93636",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-90020",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-90015",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-220133",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1650751",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1673517",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-1673395",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-912069",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_policy",
            "product": {
              "name": "communications_cloud_native_core_policy",
              "product_id": "CSAFPID-765371",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-180216",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-180202",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-40300",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-93653",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-40949",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-642000",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-93634",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-220561",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-90021",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-94292",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-218028",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-220881",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-94291",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-220910",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-220324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-611401",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-816778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-614517",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-912547",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1673392",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1503582",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-1673393",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_security_edge_protection_proxy",
            "product": {
              "name": "communications_cloud_native_core_security_edge_protection_proxy",
              "product_id": "CSAFPID-912546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-40610",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-611587",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-642002",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-493443",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-642001",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-224796",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-224795",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-912548",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-912102",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-912549",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1503583",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1503584",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1503585",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_service_communication_proxy",
            "product": {
              "name": "communications_cloud_native_core_service_communication_proxy",
              "product_id": "CSAFPID-1672767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-180217",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-180196",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-165576",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-40297",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-764899",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-589926",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-179780",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-40948",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-589925",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-179779",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-764826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-90019",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-90016",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-220326",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-764241",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-912078",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-816349",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-912550",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1503586",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1503587",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-1673399",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_cloud_native_core_unified_data_repository",
            "product": {
              "name": "communications_cloud_native_core_unified_data_repository",
              "product_id": "CSAFPID-816779",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_contacts_server",
            "product": {
              "name": "communications_contacts_server",
              "product_id": "CSAFPID-764737",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_contacts_server",
            "product": {
              "name": "communications_contacts_server",
              "product_id": "CSAFPID-224787",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_contacts_server",
            "product": {
              "name": "communications_contacts_server",
              "product_id": "CSAFPID-220189",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_application_server",
            "product": {
              "name": "communications_converged_application_server",
              "product_id": "CSAFPID-764827",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_application_server",
            "product": {
              "name": "communications_converged_application_server",
              "product_id": "CSAFPID-764828",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_application_server_-_service_controller",
            "product": {
              "name": "communications_converged_application_server_-_service_controller",
              "product_id": "CSAFPID-764734",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_application_server_-_service_controller",
            "product": {
              "name": "communications_converged_application_server_-_service_controller",
              "product_id": "CSAFPID-426842",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_charging_system",
            "product": {
              "name": "communications_converged_charging_system",
              "product_id": "CSAFPID-1503599",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_converged_charging_system",
            "product": {
              "name": "communications_converged_charging_system",
              "product_id": "CSAFPID-1503600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-345031",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-204635",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-764833",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-224793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergence",
            "product": {
              "name": "communications_convergence",
              "product_id": "CSAFPID-816794",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-342793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-1650777",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-1265",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-764248",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-816350",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_convergent_charging_controller",
            "product": {
              "name": "communications_convergent_charging_controller",
              "product_id": "CSAFPID-1261",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_core_session_manager",
            "product": {
              "name": "communications_core_session_manager",
              "product_id": "CSAFPID-110244",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_core_session_manager",
            "product": {
              "name": "communications_core_session_manager",
              "product_id": "CSAFPID-110242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_core_session_manager",
            "product": {
              "name": "communications_core_session_manager",
              "product_id": "CSAFPID-93777",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_core_session_manager",
            "product": {
              "name": "communications_core_session_manager",
              "product_id": "CSAFPID-1672764",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_core_session_manager",
            "product": {
              "name": "communications_core_session_manager",
              "product_id": "CSAFPID-93772",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_data_model",
            "product": {
              "name": "communications_data_model",
              "product_id": "CSAFPID-764902",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-765372",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-342799",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-704412",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-704411",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-165544",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-704410",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_design_studio",
            "product": {
              "name": "communications_design_studio",
              "product_id": "CSAFPID-41183",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_intelligence_hub",
            "product": {
              "name": "communications_diameter_intelligence_hub",
              "product_id": "CSAFPID-342802",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_intelligence_hub",
            "product": {
              "name": "communications_diameter_intelligence_hub",
              "product_id": "CSAFPID-764829",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1503588",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1892",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1891",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1888",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1887",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1889",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1884",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1885",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1882",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1881",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1883",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1879",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1880",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-40293",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1650826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-1650830",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-611413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-912551",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_diameter_signaling_router",
            "product": {
              "name": "communications_diameter_signaling_router",
              "product_id": "CSAFPID-912552",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_application_processor",
            "product": {
              "name": "communications_eagle_application_processor",
              "product_id": "CSAFPID-1673417",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_application_processor",
            "product": {
              "name": "communications_eagle_application_processor",
              "product_id": "CSAFPID-765369",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_element_management_system",
            "product": {
              "name": "communications_eagle_element_management_system",
              "product_id": "CSAFPID-1503316",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_element_management_system",
            "product": {
              "name": "communications_eagle_element_management_system",
              "product_id": "CSAFPID-1503317",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_element_management_system",
            "product": {
              "name": "communications_eagle_element_management_system",
              "product_id": "CSAFPID-204528",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_ftp_table_base_retrieval",
            "product": {
              "name": "communications_eagle_ftp_table_base_retrieval",
              "product_id": "CSAFPID-204623",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_lnp_application_processor",
            "product": {
              "name": "communications_eagle_lnp_application_processor",
              "product_id": "CSAFPID-352633",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_lnp_application_processor",
            "product": {
              "name": "communications_eagle_lnp_application_processor",
              "product_id": "CSAFPID-352632",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_software",
            "product": {
              "name": "communications_eagle_software",
              "product_id": "CSAFPID-765366",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_eagle_software",
            "product": {
              "name": "communications_eagle_software",
              "product_id": "CSAFPID-765365",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_elastic_charging_engine",
            "product": {
              "name": "communications_elastic_charging_engine",
              "product_id": "CSAFPID-764834",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-764242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-204597",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-204580",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-9226",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-204589",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-9070",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-8845",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-204624",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-2286",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-204464",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-345038",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-93629",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-611422",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-93630",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_element_manager",
            "product": {
              "name": "communications_element_manager",
              "product_id": "CSAFPID-816780",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_evolved_communications_application_server",
            "product": {
              "name": "communications_evolved_communications_application_server",
              "product_id": "CSAFPID-204645",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_fraud_monitor",
            "product": {
              "name": "communications_fraud_monitor",
              "product_id": "CSAFPID-816781",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_fraud_monitor",
            "product": {
              "name": "communications_fraud_monitor",
              "product_id": "CSAFPID-816782",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_fraud_monitor",
            "product": {
              "name": "communications_fraud_monitor",
              "product_id": "CSAFPID-912553",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_instant_messaging_server",
            "product": {
              "name": "communications_instant_messaging_server",
              "product_id": "CSAFPID-207586",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_instant_messaging_server",
            "product": {
              "name": "communications_instant_messaging_server",
              "product_id": "CSAFPID-234306",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_instant_messaging_server",
            "product": {
              "name": "communications_instant_messaging_server",
              "product_id": "CSAFPID-219803",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_instant_messaging_server",
            "product": {
              "name": "communications_instant_messaging_server",
              "product_id": "CSAFPID-387664",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_interactive_session_recorder",
            "product": {
              "name": "communications_interactive_session_recorder",
              "product_id": "CSAFPID-1893",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_ip_service_activator",
            "product": {
              "name": "communications_ip_service_activator",
              "product_id": "CSAFPID-204622",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_ip_service_activator",
            "product": {
              "name": "communications_ip_service_activator",
              "product_id": "CSAFPID-219909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_lsms",
            "product": {
              "name": "communications_lsms",
              "product_id": "CSAFPID-1673065",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_messaging_server",
            "product": {
              "name": "communications_messaging_server",
              "product_id": "CSAFPID-764835",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_messaging_server",
            "product": {
              "name": "communications_messaging_server",
              "product_id": "CSAFPID-375182",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_messaging_server",
            "product": {
              "name": "communications_messaging_server",
              "product_id": "CSAFPID-816351",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_messaging_server",
            "product": {
              "name": "communications_messaging_server",
              "product_id": "CSAFPID-41182",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_metasolv_solution",
            "product": {
              "name": "communications_metasolv_solution",
              "product_id": "CSAFPID-611595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_metasolv_solution",
            "product": {
              "name": "communications_metasolv_solution",
              "product_id": "CSAFPID-226017",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-220167",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816353",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-764243",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816352",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-1503589",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-1503590",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-1673414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816783",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816786",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816784",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816787",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816785",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_analytics_data_director",
            "product": {
              "name": "communications_network_analytics_data_director",
              "product_id": "CSAFPID-816788",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-342803",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-1650778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-1266",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-764249",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-816354",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_charging_and_control",
            "product": {
              "name": "communications_network_charging_and_control",
              "product_id": "CSAFPID-204563",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_integrity",
            "product": {
              "name": "communications_network_integrity",
              "product_id": "CSAFPID-220125",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_integrity",
            "product": {
              "name": "communications_network_integrity",
              "product_id": "CSAFPID-245244",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_integrity",
            "product": {
              "name": "communications_network_integrity",
              "product_id": "CSAFPID-219776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_network_integrity",
            "product": {
              "name": "communications_network_integrity",
              "product_id": "CSAFPID-204554",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_offline_mediation_controller",
            "product": {
              "name": "communications_offline_mediation_controller",
              "product_id": "CSAFPID-765242",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-9489",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-110249",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-93781",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-220132",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_operations_monitor",
            "product": {
              "name": "communications_operations_monitor",
              "product_id": "CSAFPID-912079",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-224791",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-219898",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-224790",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-221118",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-179774",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_order_and_service_management",
            "product": {
              "name": "communications_order_and_service_management",
              "product_id": "CSAFPID-1673496",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_performance_intelligence",
            "product": {
              "name": "communications_performance_intelligence",
              "product_id": "CSAFPID-1503591",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_performance_intelligence_center",
            "product": {
              "name": "communications_performance_intelligence_center",
              "product_id": "CSAFPID-1673485",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_performance_intelligence_center__pic__software",
            "product": {
              "name": "communications_performance_intelligence_center__pic__software",
              "product_id": "CSAFPID-765367",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_performance_intelligence_center__pic__software",
            "product": {
              "name": "communications_performance_intelligence_center__pic__software",
              "product_id": "CSAFPID-765368",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_performance_intelligence_center__pic__software",
            "product": {
              "name": "communications_performance_intelligence_center__pic__software",
              "product_id": "CSAFPID-764830",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-573035",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-45192",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-611406",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-816789",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_policy_management",
            "product": {
              "name": "communications_policy_management",
              "product_id": "CSAFPID-816790",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_pricing_design_center",
            "product": {
              "name": "communications_pricing_design_center",
              "product_id": "CSAFPID-764738",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_pricing_design_center",
            "product": {
              "name": "communications_pricing_design_center",
              "product_id": "CSAFPID-204595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_pricing_design_center",
            "product": {
              "name": "communications_pricing_design_center",
              "product_id": "CSAFPID-204590",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_pricing_design_center",
            "product": {
              "name": "communications_pricing_design_center",
              "product_id": "CSAFPID-816355",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-1503601",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816359",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816358",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816357",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-912558",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-1503602",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816795",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816796",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_service_catalog_and_design",
            "product": {
              "name": "communications_service_catalog_and_design",
              "product_id": "CSAFPID-816797",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_services_gatekeeper",
            "product": {
              "name": "communications_services_gatekeeper",
              "product_id": "CSAFPID-608630",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503592",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503593",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-40294",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-40292",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1672762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-40291",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503594",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_border_controller",
            "product": {
              "name": "communications_session_border_controller",
              "product_id": "CSAFPID-1503595",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-342804",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-704413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2296",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-166028",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2294",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2292",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2290",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2288",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2282",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2285",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-2279",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-204634",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-345039",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-93628",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-611423",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-93631",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_report_manager",
            "product": {
              "name": "communications_session_report_manager",
              "product_id": "CSAFPID-816791",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-342805",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-704414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-166027",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2295",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2293",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2289",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2291",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2287",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2283",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2284",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2280",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-2281",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-220414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_route_manager",
            "product": {
              "name": "communications_session_route_manager",
              "product_id": "CSAFPID-204607",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_router",
            "product": {
              "name": "communications_session_router",
              "product_id": "CSAFPID-764780",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_session_router",
            "product": {
              "name": "communications_session_router",
              "product_id": "CSAFPID-764781",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_subscriber-aware_load_balancer",
            "product": {
              "name": "communications_subscriber-aware_load_balancer",
              "product_id": "CSAFPID-93775",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_subscriber-aware_load_balancer",
            "product": {
              "name": "communications_subscriber-aware_load_balancer",
              "product_id": "CSAFPID-93774",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-240600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673382",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-78764",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-78763",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673070",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673381",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1650731",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673530",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-764901",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-78762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-78761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-614089",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_assurance",
            "product": {
              "name": "communications_unified_assurance",
              "product_id": "CSAFPID-1673068",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-764739",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-204614",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-8984",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-204510",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-204569",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-219826",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_inventory_management",
            "product": {
              "name": "communications_unified_inventory_management",
              "product_id": "CSAFPID-912073",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_session_manager",
            "product": {
              "name": "communications_unified_session_manager",
              "product_id": "CSAFPID-110243",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_unified_session_manager",
            "product": {
              "name": "communications_unified_session_manager",
              "product_id": "CSAFPID-205759",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1503596",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1503597",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1503598",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-764900",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-76994",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-568240",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-764782",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-355340",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-912080",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_user_data_repository",
            "product": {
              "name": "communications_user_data_repository",
              "product_id": "CSAFPID-1673481",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_webrtc_session_controller",
            "product": {
              "name": "communications_webrtc_session_controller",
              "product_id": "CSAFPID-912554",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_webrtc_session_controller",
            "product": {
              "name": "communications_webrtc_session_controller",
              "product_id": "CSAFPID-611408",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_webrtc_session_controller",
            "product": {
              "name": "communications_webrtc_session_controller",
              "product_id": "CSAFPID-703515",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_webrtc_session_controller",
            "product": {
              "name": "communications_webrtc_session_controller",
              "product_id": "CSAFPID-611407",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "communications_webrtc_session_controller",
            "product": {
              "name": "communications_webrtc_session_controller",
              "product_id": "CSAFPID-204456",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-37137",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-41182",
          "CSAFPID-209546",
          "CSAFPID-40608",
          "CSAFPID-180216",
          "CSAFPID-93547",
          "CSAFPID-180217",
          "CSAFPID-2310",
          "CSAFPID-40612",
          "CSAFPID-391501",
          "CSAFPID-440102",
          "CSAFPID-41516",
          "CSAFPID-41515",
          "CSAFPID-764237",
          "CSAFPID-45182",
          "CSAFPID-45181",
          "CSAFPID-45186",
          "CSAFPID-45185",
          "CSAFPID-90018",
          "CSAFPID-94290",
          "CSAFPID-260394",
          "CSAFPID-216017",
          "CSAFPID-764240",
          "CSAFPID-90021",
          "CSAFPID-94292",
          "CSAFPID-218028",
          "CSAFPID-94291",
          "CSAFPID-493443",
          "CSAFPID-224796",
          "CSAFPID-90019",
          "CSAFPID-90016",
          "CSAFPID-93777",
          "CSAFPID-93772",
          "CSAFPID-40293",
          "CSAFPID-345038",
          "CSAFPID-93629",
          "CSAFPID-93781",
          "CSAFPID-45192",
          "CSAFPID-608630",
          "CSAFPID-40292",
          "CSAFPID-40291",
          "CSAFPID-345039",
          "CSAFPID-93628",
          "CSAFPID-764780",
          "CSAFPID-764781",
          "CSAFPID-93775",
          "CSAFPID-93774",
          "CSAFPID-764782",
          "CSAFPID-342793",
          "CSAFPID-1261",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-342803",
          "CSAFPID-204563",
          "CSAFPID-221118",
          "CSAFPID-240600",
          "CSAFPID-8984",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-1899",
          "CSAFPID-41111",
          "CSAFPID-40299",
          "CSAFPID-187447",
          "CSAFPID-1900",
          "CSAFPID-40301",
          "CSAFPID-180194",
          "CSAFPID-40298",
          "CSAFPID-41112",
          "CSAFPID-41110",
          "CSAFPID-41113",
          "CSAFPID-180193",
          "CSAFPID-1898",
          "CSAFPID-40300",
          "CSAFPID-611587",
          "CSAFPID-40297",
          "CSAFPID-110244",
          "CSAFPID-110242",
          "CSAFPID-9489",
          "CSAFPID-110249",
          "CSAFPID-40294",
          "CSAFPID-110243",
          "CSAFPID-204629",
          "CSAFPID-765241",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-41183",
          "CSAFPID-207586",
          "CSAFPID-765242",
          "CSAFPID-205759",
          "CSAFPID-1893",
          "CSAFPID-765365",
          "CSAFPID-765366",
          "CSAFPID-342804",
          "CSAFPID-342805",
          "CSAFPID-204456",
          "CSAFPID-1882",
          "CSAFPID-573035",
          "CSAFPID-204645",
          "CSAFPID-765367",
          "CSAFPID-765368",
          "CSAFPID-764242",
          "CSAFPID-76994",
          "CSAFPID-204623",
          "CSAFPID-352633",
          "CSAFPID-352632",
          "CSAFPID-765369",
          "CSAFPID-204528",
          "CSAFPID-342802",
          "CSAFPID-40610",
          "CSAFPID-40611",
          "CSAFPID-40609",
          "CSAFPID-180198",
          "CSAFPID-180196",
          "CSAFPID-180201",
          "CSAFPID-180202",
          "CSAFPID-40613",
          "CSAFPID-180199",
          "CSAFPID-93546",
          "CSAFPID-180195",
          "CSAFPID-180200",
          "CSAFPID-765371",
          "CSAFPID-89545",
          "CSAFPID-180215",
          "CSAFPID-180197",
          "CSAFPID-204639",
          "CSAFPID-204627",
          "CSAFPID-226017",
          "CSAFPID-219898",
          "CSAFPID-179774",
          "CSAFPID-342799",
          "CSAFPID-765372",
          "CSAFPID-220125",
          "CSAFPID-245244",
          "CSAFPID-204554",
          "CSAFPID-764739",
          "CSAFPID-204614",
          "CSAFPID-345031",
          "CSAFPID-204635",
          "CSAFPID-204595",
          "CSAFPID-204590",
          "CSAFPID-224787",
          "CSAFPID-1673381",
          "CSAFPID-1673382",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-37137",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-41182",
            "CSAFPID-209546",
            "CSAFPID-40608",
            "CSAFPID-180216",
            "CSAFPID-93547",
            "CSAFPID-180217",
            "CSAFPID-2310",
            "CSAFPID-40612",
            "CSAFPID-391501",
            "CSAFPID-440102",
            "CSAFPID-41516",
            "CSAFPID-41515",
            "CSAFPID-764237",
            "CSAFPID-45182",
            "CSAFPID-45181",
            "CSAFPID-45186",
            "CSAFPID-45185",
            "CSAFPID-90018",
            "CSAFPID-94290",
            "CSAFPID-260394",
            "CSAFPID-216017",
            "CSAFPID-764240",
            "CSAFPID-90021",
            "CSAFPID-94292",
            "CSAFPID-218028",
            "CSAFPID-94291",
            "CSAFPID-493443",
            "CSAFPID-224796",
            "CSAFPID-90019",
            "CSAFPID-90016",
            "CSAFPID-93777",
            "CSAFPID-93772",
            "CSAFPID-40293",
            "CSAFPID-345038",
            "CSAFPID-93629",
            "CSAFPID-93781",
            "CSAFPID-45192",
            "CSAFPID-608630",
            "CSAFPID-40292",
            "CSAFPID-40291",
            "CSAFPID-345039",
            "CSAFPID-93628",
            "CSAFPID-764780",
            "CSAFPID-764781",
            "CSAFPID-93775",
            "CSAFPID-93774",
            "CSAFPID-764782",
            "CSAFPID-342793",
            "CSAFPID-1261",
            "CSAFPID-204622",
            "CSAFPID-219909",
            "CSAFPID-342803",
            "CSAFPID-204563",
            "CSAFPID-221118",
            "CSAFPID-240600",
            "CSAFPID-8984",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-1899",
            "CSAFPID-41111",
            "CSAFPID-40299",
            "CSAFPID-187447",
            "CSAFPID-1900",
            "CSAFPID-40301",
            "CSAFPID-180194",
            "CSAFPID-40298",
            "CSAFPID-41112",
            "CSAFPID-41110",
            "CSAFPID-41113",
            "CSAFPID-180193",
            "CSAFPID-1898",
            "CSAFPID-40300",
            "CSAFPID-611587",
            "CSAFPID-40297",
            "CSAFPID-110244",
            "CSAFPID-110242",
            "CSAFPID-9489",
            "CSAFPID-110249",
            "CSAFPID-40294",
            "CSAFPID-110243",
            "CSAFPID-204629",
            "CSAFPID-765241",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-41183",
            "CSAFPID-207586",
            "CSAFPID-765242",
            "CSAFPID-205759",
            "CSAFPID-1893",
            "CSAFPID-765365",
            "CSAFPID-765366",
            "CSAFPID-342804",
            "CSAFPID-342805",
            "CSAFPID-204456",
            "CSAFPID-1882",
            "CSAFPID-573035",
            "CSAFPID-204645",
            "CSAFPID-765367",
            "CSAFPID-765368",
            "CSAFPID-764242",
            "CSAFPID-76994",
            "CSAFPID-204623",
            "CSAFPID-352633",
            "CSAFPID-352632",
            "CSAFPID-765369",
            "CSAFPID-204528",
            "CSAFPID-342802",
            "CSAFPID-40610",
            "CSAFPID-40611",
            "CSAFPID-40609",
            "CSAFPID-180198",
            "CSAFPID-180196",
            "CSAFPID-180201",
            "CSAFPID-180202",
            "CSAFPID-40613",
            "CSAFPID-180199",
            "CSAFPID-93546",
            "CSAFPID-180195",
            "CSAFPID-180200",
            "CSAFPID-765371",
            "CSAFPID-89545",
            "CSAFPID-180215",
            "CSAFPID-180197",
            "CSAFPID-204639",
            "CSAFPID-204627",
            "CSAFPID-226017",
            "CSAFPID-219898",
            "CSAFPID-179774",
            "CSAFPID-342799",
            "CSAFPID-765372",
            "CSAFPID-220125",
            "CSAFPID-245244",
            "CSAFPID-204554",
            "CSAFPID-764739",
            "CSAFPID-204614",
            "CSAFPID-345031",
            "CSAFPID-204635",
            "CSAFPID-204595",
            "CSAFPID-204590",
            "CSAFPID-224787",
            "CSAFPID-1673381",
            "CSAFPID-1673382",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628"
          ]
        }
      ],
      "title": "CVE-2021-37137"
    },
    {
      "cve": "CVE-2022-2068",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-40949",
          "CSAFPID-391501",
          "CSAFPID-440102",
          "CSAFPID-41516",
          "CSAFPID-41515",
          "CSAFPID-764237",
          "CSAFPID-45182",
          "CSAFPID-45181",
          "CSAFPID-45186",
          "CSAFPID-45185",
          "CSAFPID-90018",
          "CSAFPID-94290",
          "CSAFPID-260394",
          "CSAFPID-216017",
          "CSAFPID-764240",
          "CSAFPID-90021",
          "CSAFPID-94292",
          "CSAFPID-218028",
          "CSAFPID-94291",
          "CSAFPID-493443",
          "CSAFPID-224796",
          "CSAFPID-90019",
          "CSAFPID-90016",
          "CSAFPID-93777",
          "CSAFPID-93772",
          "CSAFPID-40293",
          "CSAFPID-345038",
          "CSAFPID-93629",
          "CSAFPID-93781",
          "CSAFPID-45192",
          "CSAFPID-608630",
          "CSAFPID-40292",
          "CSAFPID-40291",
          "CSAFPID-345039",
          "CSAFPID-93628",
          "CSAFPID-764780",
          "CSAFPID-764781",
          "CSAFPID-93775",
          "CSAFPID-93774",
          "CSAFPID-764782",
          "CSAFPID-342793",
          "CSAFPID-1261",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-342803",
          "CSAFPID-204563",
          "CSAFPID-221118",
          "CSAFPID-240600",
          "CSAFPID-8984",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-40294",
          "CSAFPID-93631",
          "CSAFPID-764900",
          "CSAFPID-568240",
          "CSAFPID-355340",
          "CSAFPID-703515",
          "CSAFPID-204456",
          "CSAFPID-764735",
          "CSAFPID-204635",
          "CSAFPID-41183",
          "CSAFPID-234306",
          "CSAFPID-41182",
          "CSAFPID-226017",
          "CSAFPID-219898",
          "CSAFPID-179774",
          "CSAFPID-764738",
          "CSAFPID-764901",
          "CSAFPID-764902",
          "CSAFPID-220547",
          "CSAFPID-187447",
          "CSAFPID-760687",
          "CSAFPID-40947",
          "CSAFPID-2044",
          "CSAFPID-449747",
          "CSAFPID-40301",
          "CSAFPID-449746",
          "CSAFPID-40298",
          "CSAFPID-223527",
          "CSAFPID-760688",
          "CSAFPID-93636",
          "CSAFPID-40300",
          "CSAFPID-93653",
          "CSAFPID-642000",
          "CSAFPID-642002",
          "CSAFPID-642001",
          "CSAFPID-165576",
          "CSAFPID-764899",
          "CSAFPID-40948",
          "CSAFPID-426842",
          "CSAFPID-93630",
          "CSAFPID-204645",
          "CSAFPID-1893",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-2068",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-40949",
            "CSAFPID-391501",
            "CSAFPID-440102",
            "CSAFPID-41516",
            "CSAFPID-41515",
            "CSAFPID-764237",
            "CSAFPID-45182",
            "CSAFPID-45181",
            "CSAFPID-45186",
            "CSAFPID-45185",
            "CSAFPID-90018",
            "CSAFPID-94290",
            "CSAFPID-260394",
            "CSAFPID-216017",
            "CSAFPID-764240",
            "CSAFPID-90021",
            "CSAFPID-94292",
            "CSAFPID-218028",
            "CSAFPID-94291",
            "CSAFPID-493443",
            "CSAFPID-224796",
            "CSAFPID-90019",
            "CSAFPID-90016",
            "CSAFPID-93777",
            "CSAFPID-93772",
            "CSAFPID-40293",
            "CSAFPID-345038",
            "CSAFPID-93629",
            "CSAFPID-93781",
            "CSAFPID-45192",
            "CSAFPID-608630",
            "CSAFPID-40292",
            "CSAFPID-40291",
            "CSAFPID-345039",
            "CSAFPID-93628",
            "CSAFPID-764780",
            "CSAFPID-764781",
            "CSAFPID-93775",
            "CSAFPID-93774",
            "CSAFPID-764782",
            "CSAFPID-342793",
            "CSAFPID-1261",
            "CSAFPID-204622",
            "CSAFPID-219909",
            "CSAFPID-342803",
            "CSAFPID-204563",
            "CSAFPID-221118",
            "CSAFPID-240600",
            "CSAFPID-8984",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-40294",
            "CSAFPID-93631",
            "CSAFPID-764900",
            "CSAFPID-568240",
            "CSAFPID-355340",
            "CSAFPID-703515",
            "CSAFPID-204456",
            "CSAFPID-764735",
            "CSAFPID-204635",
            "CSAFPID-41183",
            "CSAFPID-234306",
            "CSAFPID-41182",
            "CSAFPID-226017",
            "CSAFPID-219898",
            "CSAFPID-179774",
            "CSAFPID-764738",
            "CSAFPID-764901",
            "CSAFPID-764902",
            "CSAFPID-220547",
            "CSAFPID-187447",
            "CSAFPID-760687",
            "CSAFPID-40947",
            "CSAFPID-2044",
            "CSAFPID-449747",
            "CSAFPID-40301",
            "CSAFPID-449746",
            "CSAFPID-40298",
            "CSAFPID-223527",
            "CSAFPID-760688",
            "CSAFPID-93636",
            "CSAFPID-40300",
            "CSAFPID-93653",
            "CSAFPID-642000",
            "CSAFPID-642002",
            "CSAFPID-642001",
            "CSAFPID-165576",
            "CSAFPID-764899",
            "CSAFPID-40948",
            "CSAFPID-426842",
            "CSAFPID-93630",
            "CSAFPID-204645",
            "CSAFPID-1893",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2022-2068"
    },
    {
      "cve": "CVE-2022-2601",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-2601",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2022-2601"
    },
    {
      "cve": "CVE-2022-23437",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-204629",
          "CSAFPID-704410",
          "CSAFPID-704411",
          "CSAFPID-704412",
          "CSAFPID-226017",
          "CSAFPID-179774",
          "CSAFPID-219898",
          "CSAFPID-219826",
          "CSAFPID-204569",
          "CSAFPID-204510",
          "CSAFPID-220057",
          "CSAFPID-220055",
          "CSAFPID-220909",
          "CSAFPID-45184",
          "CSAFPID-45182",
          "CSAFPID-220559",
          "CSAFPID-220558",
          "CSAFPID-220327",
          "CSAFPID-220325",
          "CSAFPID-219838",
          "CSAFPID-220056",
          "CSAFPID-223511",
          "CSAFPID-216017",
          "CSAFPID-220889",
          "CSAFPID-220918",
          "CSAFPID-90020",
          "CSAFPID-90015",
          "CSAFPID-220133",
          "CSAFPID-220561",
          "CSAFPID-90021",
          "CSAFPID-220881",
          "CSAFPID-94291",
          "CSAFPID-220910",
          "CSAFPID-220324",
          "CSAFPID-224796",
          "CSAFPID-224795",
          "CSAFPID-220326",
          "CSAFPID-764734",
          "CSAFPID-40293",
          "CSAFPID-220167",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764736",
          "CSAFPID-764737",
          "CSAFPID-224793",
          "CSAFPID-342793",
          "CSAFPID-1265",
          "CSAFPID-219803",
          "CSAFPID-375182",
          "CSAFPID-342803",
          "CSAFPID-1266",
          "CSAFPID-219776",
          "CSAFPID-224791",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-764738",
          "CSAFPID-240600",
          "CSAFPID-764739",
          "CSAFPID-391501",
          "CSAFPID-440102",
          "CSAFPID-41516",
          "CSAFPID-41515",
          "CSAFPID-764237",
          "CSAFPID-45181",
          "CSAFPID-45186",
          "CSAFPID-45185",
          "CSAFPID-90018",
          "CSAFPID-94290",
          "CSAFPID-260394",
          "CSAFPID-764240",
          "CSAFPID-94292",
          "CSAFPID-218028",
          "CSAFPID-493443",
          "CSAFPID-90019",
          "CSAFPID-90016",
          "CSAFPID-93777",
          "CSAFPID-93772",
          "CSAFPID-345038",
          "CSAFPID-93629",
          "CSAFPID-45192",
          "CSAFPID-608630",
          "CSAFPID-40292",
          "CSAFPID-40291",
          "CSAFPID-345039",
          "CSAFPID-93628",
          "CSAFPID-764780",
          "CSAFPID-764781",
          "CSAFPID-93775",
          "CSAFPID-93774",
          "CSAFPID-764782",
          "CSAFPID-1261",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-204563",
          "CSAFPID-8984",
          "CSAFPID-220548",
          "CSAFPID-608629",
          "CSAFPID-93784",
          "CSAFPID-41111",
          "CSAFPID-1685",
          "CSAFPID-493445",
          "CSAFPID-294401",
          "CSAFPID-220547",
          "CSAFPID-764824",
          "CSAFPID-220459",
          "CSAFPID-764825",
          "CSAFPID-93635",
          "CSAFPID-503534",
          "CSAFPID-503493",
          "CSAFPID-493444",
          "CSAFPID-93633",
          "CSAFPID-260395",
          "CSAFPID-260393",
          "CSAFPID-220468",
          "CSAFPID-93636",
          "CSAFPID-93634",
          "CSAFPID-589926",
          "CSAFPID-179780",
          "CSAFPID-589925",
          "CSAFPID-179779",
          "CSAFPID-764826",
          "CSAFPID-764827",
          "CSAFPID-764828",
          "CSAFPID-764829",
          "CSAFPID-764830",
          "CSAFPID-220190",
          "CSAFPID-220189",
          "CSAFPID-764833",
          "CSAFPID-41183",
          "CSAFPID-764834",
          "CSAFPID-234306",
          "CSAFPID-764835",
          "CSAFPID-187447",
          "CSAFPID-760687",
          "CSAFPID-40947",
          "CSAFPID-2044",
          "CSAFPID-449747",
          "CSAFPID-40301",
          "CSAFPID-449746",
          "CSAFPID-40298",
          "CSAFPID-223527",
          "CSAFPID-760688",
          "CSAFPID-40300",
          "CSAFPID-93653",
          "CSAFPID-40949",
          "CSAFPID-642000",
          "CSAFPID-642002",
          "CSAFPID-642001",
          "CSAFPID-165576",
          "CSAFPID-764899",
          "CSAFPID-40948",
          "CSAFPID-426842",
          "CSAFPID-93630",
          "CSAFPID-204645",
          "CSAFPID-1893",
          "CSAFPID-40294",
          "CSAFPID-93631",
          "CSAFPID-764900",
          "CSAFPID-568240",
          "CSAFPID-355340",
          "CSAFPID-703515",
          "CSAFPID-204456",
          "CSAFPID-204635",
          "CSAFPID-41182",
          "CSAFPID-764901",
          "CSAFPID-764902",
          "CSAFPID-1899",
          "CSAFPID-40299",
          "CSAFPID-1900",
          "CSAFPID-180194",
          "CSAFPID-41112",
          "CSAFPID-41110",
          "CSAFPID-41113",
          "CSAFPID-180193",
          "CSAFPID-1898",
          "CSAFPID-611587",
          "CSAFPID-40297",
          "CSAFPID-110244",
          "CSAFPID-110242",
          "CSAFPID-9489",
          "CSAFPID-110249",
          "CSAFPID-110243",
          "CSAFPID-765241",
          "CSAFPID-209546",
          "CSAFPID-207586",
          "CSAFPID-765242",
          "CSAFPID-205759",
          "CSAFPID-765365",
          "CSAFPID-765366",
          "CSAFPID-342804",
          "CSAFPID-342805",
          "CSAFPID-1882",
          "CSAFPID-573035",
          "CSAFPID-765367",
          "CSAFPID-765368",
          "CSAFPID-764242",
          "CSAFPID-76994",
          "CSAFPID-204623",
          "CSAFPID-352633",
          "CSAFPID-352632",
          "CSAFPID-765369",
          "CSAFPID-204528",
          "CSAFPID-342802",
          "CSAFPID-40610",
          "CSAFPID-40611",
          "CSAFPID-40609",
          "CSAFPID-180198",
          "CSAFPID-180217",
          "CSAFPID-180196",
          "CSAFPID-40612",
          "CSAFPID-180201",
          "CSAFPID-180216",
          "CSAFPID-180202",
          "CSAFPID-40613",
          "CSAFPID-40608",
          "CSAFPID-180199",
          "CSAFPID-93546",
          "CSAFPID-180195",
          "CSAFPID-2310",
          "CSAFPID-93547",
          "CSAFPID-180200",
          "CSAFPID-765371",
          "CSAFPID-89545",
          "CSAFPID-180215",
          "CSAFPID-180197",
          "CSAFPID-204639",
          "CSAFPID-204627",
          "CSAFPID-342799",
          "CSAFPID-765372",
          "CSAFPID-220125",
          "CSAFPID-245244",
          "CSAFPID-204554",
          "CSAFPID-204614",
          "CSAFPID-345031",
          "CSAFPID-204595",
          "CSAFPID-204590",
          "CSAFPID-224787",
          "CSAFPID-1673065",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-23437",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json"
        }
      ],
      "title": "CVE-2022-23437"
    },
    {
      "cve": "CVE-2022-36760",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220057",
          "CSAFPID-220055",
          "CSAFPID-220909",
          "CSAFPID-45184",
          "CSAFPID-45182",
          "CSAFPID-220559",
          "CSAFPID-220558",
          "CSAFPID-220327",
          "CSAFPID-220325",
          "CSAFPID-219838",
          "CSAFPID-220056",
          "CSAFPID-223511",
          "CSAFPID-216017",
          "CSAFPID-220889",
          "CSAFPID-220918",
          "CSAFPID-90020",
          "CSAFPID-90015",
          "CSAFPID-220133",
          "CSAFPID-220561",
          "CSAFPID-90021",
          "CSAFPID-220881",
          "CSAFPID-94291",
          "CSAFPID-220910",
          "CSAFPID-220324",
          "CSAFPID-224796",
          "CSAFPID-224795",
          "CSAFPID-220326",
          "CSAFPID-764734",
          "CSAFPID-40293",
          "CSAFPID-220167",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764736",
          "CSAFPID-764737",
          "CSAFPID-224793",
          "CSAFPID-342793",
          "CSAFPID-1265",
          "CSAFPID-704412",
          "CSAFPID-704411",
          "CSAFPID-704410",
          "CSAFPID-219803",
          "CSAFPID-375182",
          "CSAFPID-342803",
          "CSAFPID-1266",
          "CSAFPID-219776",
          "CSAFPID-224791",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-764738",
          "CSAFPID-240600",
          "CSAFPID-764739",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-391501",
          "CSAFPID-440102",
          "CSAFPID-41516",
          "CSAFPID-41515",
          "CSAFPID-764237",
          "CSAFPID-45181",
          "CSAFPID-45186",
          "CSAFPID-45185",
          "CSAFPID-90018",
          "CSAFPID-94290",
          "CSAFPID-260394",
          "CSAFPID-764240",
          "CSAFPID-94292",
          "CSAFPID-218028",
          "CSAFPID-493443",
          "CSAFPID-90019",
          "CSAFPID-90016",
          "CSAFPID-93777",
          "CSAFPID-93772",
          "CSAFPID-345038",
          "CSAFPID-93629",
          "CSAFPID-45192",
          "CSAFPID-608630",
          "CSAFPID-40292",
          "CSAFPID-40291",
          "CSAFPID-345039",
          "CSAFPID-93628",
          "CSAFPID-764780",
          "CSAFPID-764781",
          "CSAFPID-93775",
          "CSAFPID-93774",
          "CSAFPID-764782",
          "CSAFPID-1261",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-204563",
          "CSAFPID-8984",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-36760",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220057",
            "CSAFPID-220055",
            "CSAFPID-220909",
            "CSAFPID-45184",
            "CSAFPID-45182",
            "CSAFPID-220559",
            "CSAFPID-220558",
            "CSAFPID-220327",
            "CSAFPID-220325",
            "CSAFPID-219838",
            "CSAFPID-220056",
            "CSAFPID-223511",
            "CSAFPID-216017",
            "CSAFPID-220889",
            "CSAFPID-220918",
            "CSAFPID-90020",
            "CSAFPID-90015",
            "CSAFPID-220133",
            "CSAFPID-220561",
            "CSAFPID-90021",
            "CSAFPID-220881",
            "CSAFPID-94291",
            "CSAFPID-220910",
            "CSAFPID-220324",
            "CSAFPID-224796",
            "CSAFPID-224795",
            "CSAFPID-220326",
            "CSAFPID-764734",
            "CSAFPID-40293",
            "CSAFPID-220167",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764736",
            "CSAFPID-764737",
            "CSAFPID-224793",
            "CSAFPID-342793",
            "CSAFPID-1265",
            "CSAFPID-704412",
            "CSAFPID-704411",
            "CSAFPID-704410",
            "CSAFPID-219803",
            "CSAFPID-375182",
            "CSAFPID-342803",
            "CSAFPID-1266",
            "CSAFPID-219776",
            "CSAFPID-224791",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-764738",
            "CSAFPID-240600",
            "CSAFPID-764739",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-391501",
            "CSAFPID-440102",
            "CSAFPID-41516",
            "CSAFPID-41515",
            "CSAFPID-764237",
            "CSAFPID-45181",
            "CSAFPID-45186",
            "CSAFPID-45185",
            "CSAFPID-90018",
            "CSAFPID-94290",
            "CSAFPID-260394",
            "CSAFPID-764240",
            "CSAFPID-94292",
            "CSAFPID-218028",
            "CSAFPID-493443",
            "CSAFPID-90019",
            "CSAFPID-90016",
            "CSAFPID-93777",
            "CSAFPID-93772",
            "CSAFPID-345038",
            "CSAFPID-93629",
            "CSAFPID-45192",
            "CSAFPID-608630",
            "CSAFPID-40292",
            "CSAFPID-40291",
            "CSAFPID-345039",
            "CSAFPID-93628",
            "CSAFPID-764780",
            "CSAFPID-764781",
            "CSAFPID-93775",
            "CSAFPID-93774",
            "CSAFPID-764782",
            "CSAFPID-1261",
            "CSAFPID-204622",
            "CSAFPID-219909",
            "CSAFPID-204563",
            "CSAFPID-8984",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2022-36760"
    },
    {
      "cve": "CVE-2023-2953",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1673391",
          "CSAFPID-1673392",
          "CSAFPID-1673393",
          "CSAFPID-1673394",
          "CSAFPID-1673395",
          "CSAFPID-1673396",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2953",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1673391",
            "CSAFPID-1673392",
            "CSAFPID-1673393",
            "CSAFPID-1673394",
            "CSAFPID-1673395",
            "CSAFPID-1673396",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2023-2953"
    },
    {
      "cve": "CVE-2023-3635",
      "cwe": {
        "id": "CWE-195",
        "name": "Signed to Unsigned Conversion Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Signed to Unsigned Conversion Error",
          "title": "CWE-195"
        },
        {
          "category": "other",
          "text": "Uncaught Exception",
          "title": "CWE-248"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-94291",
          "CSAFPID-40293",
          "CSAFPID-204622",
          "CSAFPID-1265",
          "CSAFPID-1261",
          "CSAFPID-1266",
          "CSAFPID-8984",
          "CSAFPID-1673399",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912077",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-219909",
          "CSAFPID-220558",
          "CSAFPID-221118",
          "CSAFPID-224790",
          "CSAFPID-240600",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611401",
          "CSAFPID-611406",
          "CSAFPID-611407",
          "CSAFPID-611408",
          "CSAFPID-611413",
          "CSAFPID-611595",
          "CSAFPID-204510",
          "CSAFPID-204563",
          "CSAFPID-204569",
          "CSAFPID-219803",
          "CSAFPID-219838",
          "CSAFPID-224793",
          "CSAFPID-342793",
          "CSAFPID-342803",
          "CSAFPID-614513",
          "CSAFPID-614514",
          "CSAFPID-614515",
          "CSAFPID-614516",
          "CSAFPID-614517",
          "CSAFPID-618156",
          "CSAFPID-643776",
          "CSAFPID-764237",
          "CSAFPID-764238",
          "CSAFPID-764239",
          "CSAFPID-764240",
          "CSAFPID-764241",
          "CSAFPID-764242",
          "CSAFPID-764243",
          "CSAFPID-764247",
          "CSAFPID-764248",
          "CSAFPID-764249",
          "CSAFPID-816346",
          "CSAFPID-816347",
          "CSAFPID-816348",
          "CSAFPID-816349",
          "CSAFPID-816350",
          "CSAFPID-816351",
          "CSAFPID-816352",
          "CSAFPID-816353",
          "CSAFPID-816354",
          "CSAFPID-816355",
          "CSAFPID-816357",
          "CSAFPID-816358",
          "CSAFPID-816359",
          "CSAFPID-816765",
          "CSAFPID-816766",
          "CSAFPID-816767",
          "CSAFPID-816768",
          "CSAFPID-816769",
          "CSAFPID-816770",
          "CSAFPID-816771",
          "CSAFPID-816772",
          "CSAFPID-816773",
          "CSAFPID-816774",
          "CSAFPID-816775",
          "CSAFPID-816776",
          "CSAFPID-816777",
          "CSAFPID-816778",
          "CSAFPID-816779",
          "CSAFPID-816780",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-816783",
          "CSAFPID-816784",
          "CSAFPID-816785",
          "CSAFPID-816786",
          "CSAFPID-816787",
          "CSAFPID-816788",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-816791",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-816794",
          "CSAFPID-816795",
          "CSAFPID-816796",
          "CSAFPID-816797",
          "CSAFPID-764735",
          "CSAFPID-764738",
          "CSAFPID-912073",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-224795",
          "CSAFPID-912102",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3635",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-94291",
            "CSAFPID-40293",
            "CSAFPID-204622",
            "CSAFPID-1265",
            "CSAFPID-1261",
            "CSAFPID-1266",
            "CSAFPID-8984",
            "CSAFPID-1673399",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912077",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-219909",
            "CSAFPID-220558",
            "CSAFPID-221118",
            "CSAFPID-224790",
            "CSAFPID-240600",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611401",
            "CSAFPID-611406",
            "CSAFPID-611407",
            "CSAFPID-611408",
            "CSAFPID-611413",
            "CSAFPID-611595",
            "CSAFPID-204510",
            "CSAFPID-204563",
            "CSAFPID-204569",
            "CSAFPID-219803",
            "CSAFPID-219838",
            "CSAFPID-224793",
            "CSAFPID-342793",
            "CSAFPID-342803",
            "CSAFPID-614513",
            "CSAFPID-614514",
            "CSAFPID-614515",
            "CSAFPID-614516",
            "CSAFPID-614517",
            "CSAFPID-618156",
            "CSAFPID-643776",
            "CSAFPID-764237",
            "CSAFPID-764238",
            "CSAFPID-764239",
            "CSAFPID-764240",
            "CSAFPID-764241",
            "CSAFPID-764242",
            "CSAFPID-764243",
            "CSAFPID-764247",
            "CSAFPID-764248",
            "CSAFPID-764249",
            "CSAFPID-816346",
            "CSAFPID-816347",
            "CSAFPID-816348",
            "CSAFPID-816349",
            "CSAFPID-816350",
            "CSAFPID-816351",
            "CSAFPID-816352",
            "CSAFPID-816353",
            "CSAFPID-816354",
            "CSAFPID-816355",
            "CSAFPID-816357",
            "CSAFPID-816358",
            "CSAFPID-816359",
            "CSAFPID-816765",
            "CSAFPID-816766",
            "CSAFPID-816767",
            "CSAFPID-816768",
            "CSAFPID-816769",
            "CSAFPID-816770",
            "CSAFPID-816771",
            "CSAFPID-816772",
            "CSAFPID-816773",
            "CSAFPID-816774",
            "CSAFPID-816775",
            "CSAFPID-816776",
            "CSAFPID-816777",
            "CSAFPID-816778",
            "CSAFPID-816779",
            "CSAFPID-816780",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-816783",
            "CSAFPID-816784",
            "CSAFPID-816785",
            "CSAFPID-816786",
            "CSAFPID-816787",
            "CSAFPID-816788",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-816791",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-816794",
            "CSAFPID-816795",
            "CSAFPID-816796",
            "CSAFPID-816797",
            "CSAFPID-764735",
            "CSAFPID-764738",
            "CSAFPID-912073",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-224795",
            "CSAFPID-912102",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242"
          ]
        }
      ],
      "title": "CVE-2023-3635"
    },
    {
      "cve": "CVE-2023-4043",
      "cwe": {
        "id": "CWE-834",
        "name": "Excessive Iteration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816765",
          "CSAFPID-816766",
          "CSAFPID-816767",
          "CSAFPID-816768",
          "CSAFPID-816769",
          "CSAFPID-816770",
          "CSAFPID-816771",
          "CSAFPID-816772",
          "CSAFPID-219838",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-816774",
          "CSAFPID-816775",
          "CSAFPID-816346",
          "CSAFPID-816776",
          "CSAFPID-816348",
          "CSAFPID-816777",
          "CSAFPID-816347",
          "CSAFPID-94291",
          "CSAFPID-816778",
          "CSAFPID-614517",
          "CSAFPID-816779",
          "CSAFPID-816349",
          "CSAFPID-40293",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816780",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-816783",
          "CSAFPID-816784",
          "CSAFPID-816785",
          "CSAFPID-816353",
          "CSAFPID-816786",
          "CSAFPID-816787",
          "CSAFPID-816788",
          "CSAFPID-816352",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-342804",
          "CSAFPID-816791",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-224793",
          "CSAFPID-816794",
          "CSAFPID-342793",
          "CSAFPID-1265",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-204622",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912077",
          "CSAFPID-912545",
          "CSAFPID-764240",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-224795",
          "CSAFPID-912548",
          "CSAFPID-912102",
          "CSAFPID-912549",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-1266",
          "CSAFPID-8984",
          "CSAFPID-204510",
          "CSAFPID-204563",
          "CSAFPID-204569",
          "CSAFPID-219803",
          "CSAFPID-219909",
          "CSAFPID-221118",
          "CSAFPID-224790",
          "CSAFPID-240600",
          "CSAFPID-342803",
          "CSAFPID-611595",
          "CSAFPID-764738",
          "CSAFPID-816351",
          "CSAFPID-816354",
          "CSAFPID-816355",
          "CSAFPID-816357",
          "CSAFPID-816358",
          "CSAFPID-816359",
          "CSAFPID-816795",
          "CSAFPID-816796",
          "CSAFPID-816797",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-219826",
          "CSAFPID-764739",
          "CSAFPID-912073",
          "CSAFPID-912558"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4043",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816765",
            "CSAFPID-816766",
            "CSAFPID-816767",
            "CSAFPID-816768",
            "CSAFPID-816769",
            "CSAFPID-816770",
            "CSAFPID-816771",
            "CSAFPID-816772",
            "CSAFPID-219838",
            "CSAFPID-611387",
            "CSAFPID-816773",
            "CSAFPID-816774",
            "CSAFPID-816775",
            "CSAFPID-816346",
            "CSAFPID-816776",
            "CSAFPID-816348",
            "CSAFPID-816777",
            "CSAFPID-816347",
            "CSAFPID-94291",
            "CSAFPID-816778",
            "CSAFPID-614517",
            "CSAFPID-816779",
            "CSAFPID-816349",
            "CSAFPID-40293",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816780",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-816783",
            "CSAFPID-816784",
            "CSAFPID-816785",
            "CSAFPID-816353",
            "CSAFPID-816786",
            "CSAFPID-816787",
            "CSAFPID-816788",
            "CSAFPID-816352",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-342804",
            "CSAFPID-816791",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-224793",
            "CSAFPID-816794",
            "CSAFPID-342793",
            "CSAFPID-1265",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-204622",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912077",
            "CSAFPID-912545",
            "CSAFPID-764240",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-224795",
            "CSAFPID-912548",
            "CSAFPID-912102",
            "CSAFPID-912549",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-219776",
            "CSAFPID-765242",
            "CSAFPID-1266",
            "CSAFPID-8984",
            "CSAFPID-204510",
            "CSAFPID-204563",
            "CSAFPID-204569",
            "CSAFPID-219803",
            "CSAFPID-219909",
            "CSAFPID-221118",
            "CSAFPID-224790",
            "CSAFPID-240600",
            "CSAFPID-342803",
            "CSAFPID-611595",
            "CSAFPID-764738",
            "CSAFPID-816351",
            "CSAFPID-816354",
            "CSAFPID-816355",
            "CSAFPID-816357",
            "CSAFPID-816358",
            "CSAFPID-816359",
            "CSAFPID-816795",
            "CSAFPID-816796",
            "CSAFPID-816797",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-219826",
            "CSAFPID-764739",
            "CSAFPID-912073",
            "CSAFPID-912558"
          ]
        }
      ],
      "title": "CVE-2023-4043"
    },
    {
      "cve": "CVE-2023-5685",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-1650751",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5685",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-1650751",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2023-5685"
    },
    {
      "cve": "CVE-2023-6597",
      "cwe": {
        "id": "CWE-61",
        "name": "UNIX Symbolic Link (Symlink) Following"
      },
      "notes": [
        {
          "category": "other",
          "text": "UNIX Symbolic Link (Symlink) Following",
          "title": "CWE-61"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1673396",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6597",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1673396",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2023-6816",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6816",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2023-6816"
    },
    {
      "cve": "CVE-2023-38408",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-45182",
          "CSAFPID-40293",
          "CSAFPID-611406",
          "CSAFPID-764237",
          "CSAFPID-220558",
          "CSAFPID-764238",
          "CSAFPID-764239",
          "CSAFPID-614513",
          "CSAFPID-643776",
          "CSAFPID-611387",
          "CSAFPID-618156",
          "CSAFPID-614516",
          "CSAFPID-614515",
          "CSAFPID-614514",
          "CSAFPID-764240",
          "CSAFPID-94291",
          "CSAFPID-611401",
          "CSAFPID-614517",
          "CSAFPID-764241",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-764243",
          "CSAFPID-342804",
          "CSAFPID-611408",
          "CSAFPID-611407",
          "CSAFPID-764247",
          "CSAFPID-764248",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-611595",
          "CSAFPID-764249",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-240600",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38408",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-45182",
            "CSAFPID-40293",
            "CSAFPID-611406",
            "CSAFPID-764237",
            "CSAFPID-220558",
            "CSAFPID-764238",
            "CSAFPID-764239",
            "CSAFPID-614513",
            "CSAFPID-643776",
            "CSAFPID-611387",
            "CSAFPID-618156",
            "CSAFPID-614516",
            "CSAFPID-614515",
            "CSAFPID-614514",
            "CSAFPID-764240",
            "CSAFPID-94291",
            "CSAFPID-611401",
            "CSAFPID-614517",
            "CSAFPID-764241",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-764243",
            "CSAFPID-342804",
            "CSAFPID-611408",
            "CSAFPID-611407",
            "CSAFPID-764247",
            "CSAFPID-764248",
            "CSAFPID-204622",
            "CSAFPID-219909",
            "CSAFPID-611595",
            "CSAFPID-764249",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-240600",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2023-38408"
    },
    {
      "cve": "CVE-2023-43642",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-40293",
          "CSAFPID-1265",
          "CSAFPID-1261",
          "CSAFPID-1266",
          "CSAFPID-8984",
          "CSAFPID-1673395",
          "CSAFPID-94291",
          "CSAFPID-204510",
          "CSAFPID-204563",
          "CSAFPID-204569",
          "CSAFPID-204622",
          "CSAFPID-219803",
          "CSAFPID-219838",
          "CSAFPID-219909",
          "CSAFPID-221118",
          "CSAFPID-224790",
          "CSAFPID-224793",
          "CSAFPID-240600",
          "CSAFPID-342793",
          "CSAFPID-342803",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-611595",
          "CSAFPID-614517",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764738",
          "CSAFPID-816346",
          "CSAFPID-816347",
          "CSAFPID-816348",
          "CSAFPID-816349",
          "CSAFPID-816350",
          "CSAFPID-816351",
          "CSAFPID-816352",
          "CSAFPID-816353",
          "CSAFPID-816354",
          "CSAFPID-816355",
          "CSAFPID-816357",
          "CSAFPID-816358",
          "CSAFPID-816359",
          "CSAFPID-816765",
          "CSAFPID-816766",
          "CSAFPID-816767",
          "CSAFPID-816768",
          "CSAFPID-816769",
          "CSAFPID-816770",
          "CSAFPID-816771",
          "CSAFPID-816772",
          "CSAFPID-816773",
          "CSAFPID-816774",
          "CSAFPID-816775",
          "CSAFPID-816776",
          "CSAFPID-816777",
          "CSAFPID-816778",
          "CSAFPID-816779",
          "CSAFPID-816780",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-816783",
          "CSAFPID-816784",
          "CSAFPID-816785",
          "CSAFPID-816786",
          "CSAFPID-816787",
          "CSAFPID-816788",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-816791",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-816794",
          "CSAFPID-816795",
          "CSAFPID-816796",
          "CSAFPID-816797"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-43642",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-40293",
            "CSAFPID-1265",
            "CSAFPID-1261",
            "CSAFPID-1266",
            "CSAFPID-8984",
            "CSAFPID-1673395",
            "CSAFPID-94291",
            "CSAFPID-204510",
            "CSAFPID-204563",
            "CSAFPID-204569",
            "CSAFPID-204622",
            "CSAFPID-219803",
            "CSAFPID-219838",
            "CSAFPID-219909",
            "CSAFPID-221118",
            "CSAFPID-224790",
            "CSAFPID-224793",
            "CSAFPID-240600",
            "CSAFPID-342793",
            "CSAFPID-342803",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-611595",
            "CSAFPID-614517",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764738",
            "CSAFPID-816346",
            "CSAFPID-816347",
            "CSAFPID-816348",
            "CSAFPID-816349",
            "CSAFPID-816350",
            "CSAFPID-816351",
            "CSAFPID-816352",
            "CSAFPID-816353",
            "CSAFPID-816354",
            "CSAFPID-816355",
            "CSAFPID-816357",
            "CSAFPID-816358",
            "CSAFPID-816359",
            "CSAFPID-816765",
            "CSAFPID-816766",
            "CSAFPID-816767",
            "CSAFPID-816768",
            "CSAFPID-816769",
            "CSAFPID-816770",
            "CSAFPID-816771",
            "CSAFPID-816772",
            "CSAFPID-816773",
            "CSAFPID-816774",
            "CSAFPID-816775",
            "CSAFPID-816776",
            "CSAFPID-816777",
            "CSAFPID-816778",
            "CSAFPID-816779",
            "CSAFPID-816780",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-816783",
            "CSAFPID-816784",
            "CSAFPID-816785",
            "CSAFPID-816786",
            "CSAFPID-816787",
            "CSAFPID-816788",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-816791",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-816794",
            "CSAFPID-816795",
            "CSAFPID-816796",
            "CSAFPID-816797"
          ]
        }
      ],
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-46136",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Algorithmic Complexity",
          "title": "CWE-407"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673411",
          "CSAFPID-912549",
          "CSAFPID-1673412",
          "CSAFPID-1673413",
          "CSAFPID-1673414",
          "CSAFPID-1673396",
          "CSAFPID-1503590",
          "CSAFPID-1673393",
          "CSAFPID-1673395",
          "CSAFPID-220132",
          "CSAFPID-1503585",
          "CSAFPID-1673392",
          "CSAFPID-1503589",
          "CSAFPID-1673415",
          "CSAFPID-1673416",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46136",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673411",
            "CSAFPID-912549",
            "CSAFPID-1673412",
            "CSAFPID-1673413",
            "CSAFPID-1673414",
            "CSAFPID-1673396",
            "CSAFPID-1503590",
            "CSAFPID-1673393",
            "CSAFPID-1673395",
            "CSAFPID-220132",
            "CSAFPID-1503585",
            "CSAFPID-1673392",
            "CSAFPID-1503589",
            "CSAFPID-1673415",
            "CSAFPID-1673416",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2023-46136"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-816765",
          "CSAFPID-816766",
          "CSAFPID-816767",
          "CSAFPID-816768",
          "CSAFPID-816769",
          "CSAFPID-816770",
          "CSAFPID-816771",
          "CSAFPID-816772",
          "CSAFPID-219838",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-816774",
          "CSAFPID-816775",
          "CSAFPID-816346",
          "CSAFPID-816776",
          "CSAFPID-816348",
          "CSAFPID-816777",
          "CSAFPID-816347",
          "CSAFPID-94291",
          "CSAFPID-816778",
          "CSAFPID-614517",
          "CSAFPID-816779",
          "CSAFPID-816349",
          "CSAFPID-40293",
          "CSAFPID-764242",
          "CSAFPID-816780",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-816783",
          "CSAFPID-816784",
          "CSAFPID-816785",
          "CSAFPID-816353",
          "CSAFPID-816786",
          "CSAFPID-816352",
          "CSAFPID-342804",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-224793",
          "CSAFPID-342793",
          "CSAFPID-1265",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-219803",
          "CSAFPID-816351",
          "CSAFPID-611595",
          "CSAFPID-342803",
          "CSAFPID-1266",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673417",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-90016",
          "CSAFPID-764826",
          "CSAFPID-345038",
          "CSAFPID-912079",
          "CSAFPID-220132",
          "CSAFPID-93781",
          "CSAFPID-345039",
          "CSAFPID-912080",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-764240",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-224795",
          "CSAFPID-912548",
          "CSAFPID-611413",
          "CSAFPID-240600",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-816357",
          "CSAFPID-816358",
          "CSAFPID-816359",
          "CSAFPID-816787",
          "CSAFPID-816788",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-816791",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-816794",
          "CSAFPID-816795",
          "CSAFPID-816796",
          "CSAFPID-816797",
          "CSAFPID-8984",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-764739",
          "CSAFPID-765242",
          "CSAFPID-912073",
          "CSAFPID-912102",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-1503601",
          "CSAFPID-1503602"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-816765",
            "CSAFPID-816766",
            "CSAFPID-816767",
            "CSAFPID-816768",
            "CSAFPID-816769",
            "CSAFPID-816770",
            "CSAFPID-816771",
            "CSAFPID-816772",
            "CSAFPID-219838",
            "CSAFPID-611387",
            "CSAFPID-816773",
            "CSAFPID-816774",
            "CSAFPID-816775",
            "CSAFPID-816346",
            "CSAFPID-816776",
            "CSAFPID-816348",
            "CSAFPID-816777",
            "CSAFPID-816347",
            "CSAFPID-94291",
            "CSAFPID-816778",
            "CSAFPID-614517",
            "CSAFPID-816779",
            "CSAFPID-816349",
            "CSAFPID-40293",
            "CSAFPID-764242",
            "CSAFPID-816780",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-816783",
            "CSAFPID-816784",
            "CSAFPID-816785",
            "CSAFPID-816353",
            "CSAFPID-816786",
            "CSAFPID-816352",
            "CSAFPID-342804",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-224793",
            "CSAFPID-342793",
            "CSAFPID-1265",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-204622",
            "CSAFPID-219909",
            "CSAFPID-219803",
            "CSAFPID-816351",
            "CSAFPID-611595",
            "CSAFPID-342803",
            "CSAFPID-1266",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673417",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-90016",
            "CSAFPID-764826",
            "CSAFPID-345038",
            "CSAFPID-912079",
            "CSAFPID-220132",
            "CSAFPID-93781",
            "CSAFPID-345039",
            "CSAFPID-912080",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-764240",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-224795",
            "CSAFPID-912548",
            "CSAFPID-611413",
            "CSAFPID-240600",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-816357",
            "CSAFPID-816358",
            "CSAFPID-816359",
            "CSAFPID-816787",
            "CSAFPID-816788",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-816791",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-816794",
            "CSAFPID-816795",
            "CSAFPID-816796",
            "CSAFPID-816797",
            "CSAFPID-8984",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-764739",
            "CSAFPID-765242",
            "CSAFPID-912073",
            "CSAFPID-912102",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-1503601",
            "CSAFPID-1503602"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-51775",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650751",
          "CSAFPID-1673395",
          "CSAFPID-1673396",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-224795",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-614517",
          "CSAFPID-764237",
          "CSAFPID-764240",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242",
          "CSAFPID-816348",
          "CSAFPID-816773",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912068",
          "CSAFPID-912073",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-51775",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650751",
            "CSAFPID-1673395",
            "CSAFPID-1673396",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-224795",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-614517",
            "CSAFPID-764237",
            "CSAFPID-764240",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242",
            "CSAFPID-816348",
            "CSAFPID-816773",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912068",
            "CSAFPID-912073",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2023-51775"
    },
    {
      "cve": "CVE-2023-52428",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-912539",
          "CSAFPID-816773",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-224795",
          "CSAFPID-342804",
          "CSAFPID-611413",
          "CSAFPID-614517",
          "CSAFPID-764240",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912073",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912102",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52428",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-912539",
            "CSAFPID-816773",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-224795",
            "CSAFPID-342804",
            "CSAFPID-611413",
            "CSAFPID-614517",
            "CSAFPID-764240",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912073",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912102",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2023-52428"
    },
    {
      "cve": "CVE-2024-0450",
      "cwe": {
        "id": "CWE-450",
        "name": "Multiple Interpretations of UI Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Multiple Interpretations of UI Input",
          "title": "CWE-450"
        },
        {
          "category": "other",
          "text": "Asymmetric Resource Consumption (Amplification)",
          "title": "CWE-405"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0450",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Resource after Effective Lifetime",
          "title": "CWE-772"
        },
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1673399",
          "CSAFPID-1673391",
          "CSAFPID-1673394",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2398",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1673399",
            "CSAFPID-1673391",
            "CSAFPID-1673394",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-2398"
    },
    {
      "cve": "CVE-2024-4577",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
          "title": "CWE-88"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650731",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4577",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650731",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-4577"
    },
    {
      "cve": "CVE-2024-4603",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Input for Loop Condition",
          "title": "CWE-606"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673391",
          "CSAFPID-1673394",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4603",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673391",
            "CSAFPID-1673394",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-4603"
    },
    {
      "cve": "CVE-2024-5585",
      "cwe": {
        "id": "CWE-116",
        "name": "Improper Encoding or Escaping of Output"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
          "title": "CWE-88"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650731",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5585",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650731",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628"
          ]
        }
      ],
      "title": "CVE-2024-5585"
    },
    {
      "cve": "CVE-2024-5971",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1673399",
          "CSAFPID-1673526",
          "CSAFPID-1673413",
          "CSAFPID-1673396",
          "CSAFPID-1673415",
          "CSAFPID-1673501",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5971",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1673399",
            "CSAFPID-1673526",
            "CSAFPID-1673413",
            "CSAFPID-1673396",
            "CSAFPID-1673415",
            "CSAFPID-1673501",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-5971"
    },
    {
      "cve": "CVE-2024-6162",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-1650751",
          "CSAFPID-1673526",
          "CSAFPID-1673399",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6162",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-1650751",
            "CSAFPID-1673526",
            "CSAFPID-1673399",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-6162"
    },
    {
      "cve": "CVE-2024-6387",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "Signal Handler Race Condition",
          "title": "CWE-364"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503595",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6387",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
        }
      ],
      "title": "CVE-2024-6387"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673391",
          "CSAFPID-1673394",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673530",
          "CSAFPID-1673382",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673530",
            "CSAFPID-1673382",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2024-22020",
      "product_status": {
        "known_affected": [
          "CSAFPID-912101",
          "CSAFPID-1673473",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22020",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912101",
            "CSAFPID-1673473",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-22020"
    },
    {
      "cve": "CVE-2024-22201",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673475",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-912068",
          "CSAFPID-912073",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-219776",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-224795",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-614517",
          "CSAFPID-764237",
          "CSAFPID-764240",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242",
          "CSAFPID-816348",
          "CSAFPID-816773",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673475",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-912068",
            "CSAFPID-912073",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-219776",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-224795",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-614517",
            "CSAFPID-764237",
            "CSAFPID-764240",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242",
            "CSAFPID-816348",
            "CSAFPID-816773",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-22257",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-764237",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-764240",
          "CSAFPID-614517",
          "CSAFPID-224795",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-342804",
          "CSAFPID-912080",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-764739",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-912073",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22257",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-764237",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-816773",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-764240",
            "CSAFPID-614517",
            "CSAFPID-224795",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-342804",
            "CSAFPID-912080",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-219776",
            "CSAFPID-765242",
            "CSAFPID-764739",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-912073",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2024-22257"
    },
    {
      "cve": "CVE-2024-22262",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-1650820",
          "CSAFPID-1650751",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22262",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-1650820",
            "CSAFPID-1650751",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-23672",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incomplete Cleanup",
          "title": "CWE-459"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650826",
          "CSAFPID-1650731",
          "CSAFPID-1673382",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-912539",
          "CSAFPID-816773",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-912545",
          "CSAFPID-764240",
          "CSAFPID-912546",
          "CSAFPID-614517",
          "CSAFPID-912547",
          "CSAFPID-224795",
          "CSAFPID-912548",
          "CSAFPID-912102",
          "CSAFPID-912549",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912553",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-342804",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-765242",
          "CSAFPID-912073",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23672",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650826",
            "CSAFPID-1650731",
            "CSAFPID-1673382",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-912539",
            "CSAFPID-816773",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-912545",
            "CSAFPID-764240",
            "CSAFPID-912546",
            "CSAFPID-614517",
            "CSAFPID-912547",
            "CSAFPID-224795",
            "CSAFPID-912548",
            "CSAFPID-912102",
            "CSAFPID-912549",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912553",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-342804",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-765242",
            "CSAFPID-912073",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2024-23672"
    },
    {
      "cve": "CVE-2024-23807",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650734",
          "CSAFPID-1650830",
          "CSAFPID-1650777",
          "CSAFPID-204622",
          "CSAFPID-219909",
          "CSAFPID-1650778",
          "CSAFPID-41182",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23807",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650734",
            "CSAFPID-1650830",
            "CSAFPID-1650777",
            "CSAFPID-204622",
            "CSAFPID-219909",
            "CSAFPID-1650778",
            "CSAFPID-41182",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-23807"
    },
    {
      "cve": "CVE-2024-24549",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650826",
          "CSAFPID-1673382",
          "CSAFPID-1650731",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-816773",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-764240",
          "CSAFPID-614517",
          "CSAFPID-224795",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-93781",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-342804",
          "CSAFPID-912080",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-219776",
          "CSAFPID-765242",
          "CSAFPID-764739",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219826",
          "CSAFPID-912073",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24549",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650826",
            "CSAFPID-1673382",
            "CSAFPID-1650731",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-816773",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-764240",
            "CSAFPID-614517",
            "CSAFPID-224795",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-93781",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-342804",
            "CSAFPID-912080",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-219776",
            "CSAFPID-765242",
            "CSAFPID-764739",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219826",
            "CSAFPID-912073",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-25062",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650751",
          "CSAFPID-1650752",
          "CSAFPID-1673481",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-912068",
          "CSAFPID-912076",
          "CSAFPID-611387",
          "CSAFPID-912539",
          "CSAFPID-816773",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912101",
          "CSAFPID-912544",
          "CSAFPID-912077",
          "CSAFPID-816348",
          "CSAFPID-912545",
          "CSAFPID-764240",
          "CSAFPID-912546",
          "CSAFPID-614517",
          "CSAFPID-912547",
          "CSAFPID-224795",
          "CSAFPID-912548",
          "CSAFPID-912102",
          "CSAFPID-912549",
          "CSAFPID-764826",
          "CSAFPID-90016",
          "CSAFPID-912078",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-611413",
          "CSAFPID-764242",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912553",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-342804",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-765242",
          "CSAFPID-912073",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25062",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650751",
            "CSAFPID-1650752",
            "CSAFPID-1673481",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-912068",
            "CSAFPID-912076",
            "CSAFPID-611387",
            "CSAFPID-912539",
            "CSAFPID-816773",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912101",
            "CSAFPID-912544",
            "CSAFPID-912077",
            "CSAFPID-816348",
            "CSAFPID-912545",
            "CSAFPID-764240",
            "CSAFPID-912546",
            "CSAFPID-614517",
            "CSAFPID-912547",
            "CSAFPID-224795",
            "CSAFPID-912548",
            "CSAFPID-912102",
            "CSAFPID-912549",
            "CSAFPID-764826",
            "CSAFPID-90016",
            "CSAFPID-912078",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-611413",
            "CSAFPID-764242",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912553",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-342804",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-765242",
            "CSAFPID-912073",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-25638",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        },
        {
          "category": "other",
          "text": "Acceptance of Extraneous Untrusted Data With Trusted Data",
          "title": "CWE-349"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25638",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-25638"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-1670429",
          "CSAFPID-1670430",
          "CSAFPID-1670431",
          "CSAFPID-1670432",
          "CSAFPID-1670433",
          "CSAFPID-1670434",
          "CSAFPID-1670435",
          "CSAFPID-1670436",
          "CSAFPID-1670437",
          "CSAFPID-1670438",
          "CSAFPID-1670439",
          "CSAFPID-1670440",
          "CSAFPID-1670441",
          "CSAFPID-1670442",
          "CSAFPID-90016",
          "CSAFPID-93781",
          "CSAFPID-204510",
          "CSAFPID-204569",
          "CSAFPID-219776",
          "CSAFPID-219826",
          "CSAFPID-220132",
          "CSAFPID-224795",
          "CSAFPID-342804",
          "CSAFPID-611387",
          "CSAFPID-611413",
          "CSAFPID-614517",
          "CSAFPID-764237",
          "CSAFPID-764240",
          "CSAFPID-764242",
          "CSAFPID-764247",
          "CSAFPID-764735",
          "CSAFPID-764739",
          "CSAFPID-764826",
          "CSAFPID-765242",
          "CSAFPID-816348",
          "CSAFPID-816773",
          "CSAFPID-816781",
          "CSAFPID-816782",
          "CSAFPID-912068",
          "CSAFPID-912073",
          "CSAFPID-912076",
          "CSAFPID-912077",
          "CSAFPID-912078",
          "CSAFPID-912079",
          "CSAFPID-912080",
          "CSAFPID-912085",
          "CSAFPID-912101",
          "CSAFPID-912102",
          "CSAFPID-912539",
          "CSAFPID-912540",
          "CSAFPID-912541",
          "CSAFPID-912542",
          "CSAFPID-912543",
          "CSAFPID-912544",
          "CSAFPID-912545",
          "CSAFPID-912546",
          "CSAFPID-912547",
          "CSAFPID-912548",
          "CSAFPID-912549",
          "CSAFPID-912550",
          "CSAFPID-912551",
          "CSAFPID-912552",
          "CSAFPID-912553",
          "CSAFPID-912554",
          "CSAFPID-912556",
          "CSAFPID-912557",
          "CSAFPID-912558",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-1503582",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26308",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-1670429",
            "CSAFPID-1670430",
            "CSAFPID-1670431",
            "CSAFPID-1670432",
            "CSAFPID-1670433",
            "CSAFPID-1670434",
            "CSAFPID-1670435",
            "CSAFPID-1670436",
            "CSAFPID-1670437",
            "CSAFPID-1670438",
            "CSAFPID-1670439",
            "CSAFPID-1670440",
            "CSAFPID-1670441",
            "CSAFPID-1670442",
            "CSAFPID-90016",
            "CSAFPID-93781",
            "CSAFPID-204510",
            "CSAFPID-204569",
            "CSAFPID-219776",
            "CSAFPID-219826",
            "CSAFPID-220132",
            "CSAFPID-224795",
            "CSAFPID-342804",
            "CSAFPID-611387",
            "CSAFPID-611413",
            "CSAFPID-614517",
            "CSAFPID-764237",
            "CSAFPID-764240",
            "CSAFPID-764242",
            "CSAFPID-764247",
            "CSAFPID-764735",
            "CSAFPID-764739",
            "CSAFPID-764826",
            "CSAFPID-765242",
            "CSAFPID-816348",
            "CSAFPID-816773",
            "CSAFPID-816781",
            "CSAFPID-816782",
            "CSAFPID-912068",
            "CSAFPID-912073",
            "CSAFPID-912076",
            "CSAFPID-912077",
            "CSAFPID-912078",
            "CSAFPID-912079",
            "CSAFPID-912080",
            "CSAFPID-912085",
            "CSAFPID-912101",
            "CSAFPID-912102",
            "CSAFPID-912539",
            "CSAFPID-912540",
            "CSAFPID-912541",
            "CSAFPID-912542",
            "CSAFPID-912543",
            "CSAFPID-912544",
            "CSAFPID-912545",
            "CSAFPID-912546",
            "CSAFPID-912547",
            "CSAFPID-912548",
            "CSAFPID-912549",
            "CSAFPID-912550",
            "CSAFPID-912551",
            "CSAFPID-912552",
            "CSAFPID-912553",
            "CSAFPID-912554",
            "CSAFPID-912556",
            "CSAFPID-912557",
            "CSAFPID-912558",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-1503582",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600"
          ]
        }
      ],
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Detection of Error Condition Without Action",
          "title": "CWE-390"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673414",
          "CSAFPID-1673396",
          "CSAFPID-1673485",
          "CSAFPID-1673393",
          "CSAFPID-1673394",
          "CSAFPID-1673389",
          "CSAFPID-1672767",
          "CSAFPID-1673391",
          "CSAFPID-1673392",
          "CSAFPID-1673415",
          "CSAFPID-1673390",
          "CSAFPID-1673413",
          "CSAFPID-1673395",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673414",
            "CSAFPID-1673396",
            "CSAFPID-1673485",
            "CSAFPID-1673393",
            "CSAFPID-1673394",
            "CSAFPID-1673389",
            "CSAFPID-1672767",
            "CSAFPID-1673391",
            "CSAFPID-1673392",
            "CSAFPID-1673415",
            "CSAFPID-1673390",
            "CSAFPID-1673413",
            "CSAFPID-1673395",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1673414",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28849",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1673414",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-28849"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1635310",
          "CSAFPID-1635311",
          "CSAFPID-1635312",
          "CSAFPID-1635313",
          "CSAFPID-1635314",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635317",
          "CSAFPID-1635318",
          "CSAFPID-1635319",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1635322",
          "CSAFPID-1635323",
          "CSAFPID-1635324",
          "CSAFPID-1635325",
          "CSAFPID-1635326",
          "CSAFPID-1635327",
          "CSAFPID-1635328",
          "CSAFPID-1635329",
          "CSAFPID-1650752",
          "CSAFPID-1650751",
          "CSAFPID-1673494",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1674636",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1635310",
            "CSAFPID-1635311",
            "CSAFPID-1635312",
            "CSAFPID-1635313",
            "CSAFPID-1635314",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635317",
            "CSAFPID-1635318",
            "CSAFPID-1635319",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1635322",
            "CSAFPID-1635323",
            "CSAFPID-1635324",
            "CSAFPID-1635325",
            "CSAFPID-1635326",
            "CSAFPID-1635327",
            "CSAFPID-1635328",
            "CSAFPID-1635329",
            "CSAFPID-1650752",
            "CSAFPID-1650751",
            "CSAFPID-1673494",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1674636",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29133",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650820",
          "CSAFPID-224790",
          "CSAFPID-221118",
          "CSAFPID-1673496",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29133",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650820",
            "CSAFPID-224790",
            "CSAFPID-221118",
            "CSAFPID-1673496",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-29133"
    },
    {
      "cve": "CVE-2024-29736",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673399",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29736",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673399",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-29736"
    },
    {
      "cve": "CVE-2024-29857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673413",
          "CSAFPID-1673415",
          "CSAFPID-1673501",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646",
          "CSAFPID-220055",
          "CSAFPID-1503577",
          "CSAFPID-764237",
          "CSAFPID-912085",
          "CSAFPID-1503578",
          "CSAFPID-1503579",
          "CSAFPID-1503580",
          "CSAFPID-912101",
          "CSAFPID-1503581",
          "CSAFPID-1503322",
          "CSAFPID-912069",
          "CSAFPID-764240",
          "CSAFPID-912547",
          "CSAFPID-1503582",
          "CSAFPID-912549",
          "CSAFPID-1503583",
          "CSAFPID-1503584",
          "CSAFPID-1503585",
          "CSAFPID-1503586",
          "CSAFPID-1503587",
          "CSAFPID-1503588",
          "CSAFPID-1503316",
          "CSAFPID-1503317",
          "CSAFPID-764242",
          "CSAFPID-1503589",
          "CSAFPID-1503590",
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1503591",
          "CSAFPID-816789",
          "CSAFPID-816790",
          "CSAFPID-1503592",
          "CSAFPID-1503593",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-342804",
          "CSAFPID-1503596",
          "CSAFPID-1503597",
          "CSAFPID-1503598",
          "CSAFPID-816792",
          "CSAFPID-764247",
          "CSAFPID-912556",
          "CSAFPID-764735",
          "CSAFPID-816793",
          "CSAFPID-1503599",
          "CSAFPID-1503600",
          "CSAFPID-342793",
          "CSAFPID-816350",
          "CSAFPID-1261",
          "CSAFPID-342803",
          "CSAFPID-816354",
          "CSAFPID-204563",
          "CSAFPID-764738",
          "CSAFPID-816355",
          "CSAFPID-1503601",
          "CSAFPID-1503602",
          "CSAFPID-240600",
          "CSAFPID-204510",
          "CSAFPID-204569"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29857",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673413",
            "CSAFPID-1673415",
            "CSAFPID-1673501",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646",
            "CSAFPID-220055",
            "CSAFPID-1503577",
            "CSAFPID-764237",
            "CSAFPID-912085",
            "CSAFPID-1503578",
            "CSAFPID-1503579",
            "CSAFPID-1503580",
            "CSAFPID-912101",
            "CSAFPID-1503581",
            "CSAFPID-1503322",
            "CSAFPID-912069",
            "CSAFPID-764240",
            "CSAFPID-912547",
            "CSAFPID-1503582",
            "CSAFPID-912549",
            "CSAFPID-1503583",
            "CSAFPID-1503584",
            "CSAFPID-1503585",
            "CSAFPID-1503586",
            "CSAFPID-1503587",
            "CSAFPID-1503588",
            "CSAFPID-1503316",
            "CSAFPID-1503317",
            "CSAFPID-764242",
            "CSAFPID-1503589",
            "CSAFPID-1503590",
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1503591",
            "CSAFPID-816789",
            "CSAFPID-816790",
            "CSAFPID-1503592",
            "CSAFPID-1503593",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-342804",
            "CSAFPID-1503596",
            "CSAFPID-1503597",
            "CSAFPID-1503598",
            "CSAFPID-816792",
            "CSAFPID-764247",
            "CSAFPID-912556",
            "CSAFPID-764735",
            "CSAFPID-816793",
            "CSAFPID-1503599",
            "CSAFPID-1503600",
            "CSAFPID-342793",
            "CSAFPID-816350",
            "CSAFPID-1261",
            "CSAFPID-342803",
            "CSAFPID-816354",
            "CSAFPID-204563",
            "CSAFPID-764738",
            "CSAFPID-816355",
            "CSAFPID-1503601",
            "CSAFPID-1503602",
            "CSAFPID-240600",
            "CSAFPID-204510",
            "CSAFPID-204569"
          ]
        }
      ],
      "title": "CVE-2024-29857"
    },
    {
      "cve": "CVE-2024-30251",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912079",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-30251",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912079",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-30251"
    },
    {
      "cve": "CVE-2024-31080",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Over-read",
          "title": "CWE-126"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-31080",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json"
        }
      ],
      "title": "CVE-2024-31080"
    },
    {
      "cve": "CVE-2024-31744",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673392",
          "CSAFPID-1673393",
          "CSAFPID-1673396",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-31744",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673392",
            "CSAFPID-1673393",
            "CSAFPID-1673396",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-31744"
    },
    {
      "cve": "CVE-2024-32760",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220132",
          "CSAFPID-912079",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-32760",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220132",
            "CSAFPID-912079",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-32760"
    },
    {
      "cve": "CVE-2024-33602",
      "cwe": {
        "id": "CWE-466",
        "name": "Return of Pointer Value Outside of Expected Range"
      },
      "notes": [
        {
          "category": "other",
          "text": "Return of Pointer Value Outside of Expected Range",
          "title": "CWE-466"
        },
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673396",
          "CSAFPID-1503594",
          "CSAFPID-1503595",
          "CSAFPID-1672762",
          "CSAFPID-1673395",
          "CSAFPID-1672764",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673494",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33602",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673396",
            "CSAFPID-1503594",
            "CSAFPID-1503595",
            "CSAFPID-1672762",
            "CSAFPID-1673395",
            "CSAFPID-1672764",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673494",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-33602"
    },
    {
      "cve": "CVE-2024-34750",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Exceptional Conditions",
          "title": "CWE-755"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673481",
          "CSAFPID-1503596",
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34750",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673481",
            "CSAFPID-1503596",
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-34750"
    },
    {
      "cve": "CVE-2024-37371",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912549",
          "CSAFPID-1673413",
          "CSAFPID-1673414",
          "CSAFPID-1673396",
          "CSAFPID-1503590",
          "CSAFPID-1673393",
          "CSAFPID-1673395",
          "CSAFPID-1673399",
          "CSAFPID-1672767",
          "CSAFPID-1503585",
          "CSAFPID-1673392",
          "CSAFPID-1503589",
          "CSAFPID-1673415",
          "CSAFPID-1673389",
          "CSAFPID-1673390",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37371",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912549",
            "CSAFPID-1673413",
            "CSAFPID-1673414",
            "CSAFPID-1673396",
            "CSAFPID-1503590",
            "CSAFPID-1673393",
            "CSAFPID-1673395",
            "CSAFPID-1673399",
            "CSAFPID-1672767",
            "CSAFPID-1503585",
            "CSAFPID-1673392",
            "CSAFPID-1503589",
            "CSAFPID-1673415",
            "CSAFPID-1673389",
            "CSAFPID-1673390",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-37891",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Resource Transfer Between Spheres",
          "title": "CWE-669"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673396",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673396",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38816",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673420",
          "CSAFPID-1673421",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38816",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673420",
            "CSAFPID-1673421",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-38816"
    },
    {
      "cve": "CVE-2024-39689",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673396",
          "CSAFPID-1673392",
          "CSAFPID-1673393"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-39689",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673396",
            "CSAFPID-1673392",
            "CSAFPID-1673393"
          ]
        }
      ],
      "title": "CVE-2024-39689"
    },
    {
      "cve": "CVE-2024-40898",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673516",
          "CSAFPID-1673411",
          "CSAFPID-1673412",
          "CSAFPID-1650731",
          "CSAFPID-1673382",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-40898",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673516",
            "CSAFPID-1673411",
            "CSAFPID-1673412",
            "CSAFPID-1650731",
            "CSAFPID-1673382",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-40898"
    },
    {
      "cve": "CVE-2024-41817",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Search Path Element",
          "title": "CWE-427"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673382",
          "CSAFPID-1650731",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-1674625"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41817",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673382",
            "CSAFPID-1650731",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-1674625"
          ]
        }
      ],
      "title": "CVE-2024-41817"
    },
    {
      "cve": "CVE-2024-43044",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673395",
          "CSAFPID-1673411",
          "CSAFPID-1673412",
          "CSAFPID-1673413",
          "CSAFPID-1673396",
          "CSAFPID-1673392",
          "CSAFPID-1673494",
          "CSAFPID-1673393",
          "CSAFPID-1673415",
          "CSAFPID-1673416",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-43044",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673395",
            "CSAFPID-1673411",
            "CSAFPID-1673412",
            "CSAFPID-1673413",
            "CSAFPID-1673396",
            "CSAFPID-1673392",
            "CSAFPID-1673494",
            "CSAFPID-1673393",
            "CSAFPID-1673415",
            "CSAFPID-1673416",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-43044"
    },
    {
      "cve": "CVE-2024-45492",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673382",
          "CSAFPID-1673399",
          "CSAFPID-1650731",
          "CSAFPID-1673517",
          "CSAFPID-1673396",
          "CSAFPID-1674617",
          "CSAFPID-1674618",
          "CSAFPID-1674619",
          "CSAFPID-1674620",
          "CSAFPID-1674621",
          "CSAFPID-1674622",
          "CSAFPID-1674623",
          "CSAFPID-1674624",
          "CSAFPID-1674625",
          "CSAFPID-1674626",
          "CSAFPID-1674627",
          "CSAFPID-1674628",
          "CSAFPID-1635305",
          "CSAFPID-1635306",
          "CSAFPID-1635307",
          "CSAFPID-1635308",
          "CSAFPID-1635309",
          "CSAFPID-1670434",
          "CSAFPID-1674629",
          "CSAFPID-1635315",
          "CSAFPID-1635316",
          "CSAFPID-1635318",
          "CSAFPID-1674630",
          "CSAFPID-1674631",
          "CSAFPID-1674632",
          "CSAFPID-1674633",
          "CSAFPID-1674634",
          "CSAFPID-1674635",
          "CSAFPID-1635323",
          "CSAFPID-1674636",
          "CSAFPID-1635324",
          "CSAFPID-1674637",
          "CSAFPID-1674638",
          "CSAFPID-1674639",
          "CSAFPID-1674640",
          "CSAFPID-1674641",
          "CSAFPID-1674642",
          "CSAFPID-1635320",
          "CSAFPID-1635321",
          "CSAFPID-1674643",
          "CSAFPID-1674644",
          "CSAFPID-1674645",
          "CSAFPID-1674646"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45492",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673382",
            "CSAFPID-1673399",
            "CSAFPID-1650731",
            "CSAFPID-1673517",
            "CSAFPID-1673396",
            "CSAFPID-1674617",
            "CSAFPID-1674618",
            "CSAFPID-1674619",
            "CSAFPID-1674620",
            "CSAFPID-1674621",
            "CSAFPID-1674622",
            "CSAFPID-1674623",
            "CSAFPID-1674624",
            "CSAFPID-1674625",
            "CSAFPID-1674626",
            "CSAFPID-1674627",
            "CSAFPID-1674628",
            "CSAFPID-1635305",
            "CSAFPID-1635306",
            "CSAFPID-1635307",
            "CSAFPID-1635308",
            "CSAFPID-1635309",
            "CSAFPID-1670434",
            "CSAFPID-1674629",
            "CSAFPID-1635315",
            "CSAFPID-1635316",
            "CSAFPID-1635318",
            "CSAFPID-1674630",
            "CSAFPID-1674631",
            "CSAFPID-1674632",
            "CSAFPID-1674633",
            "CSAFPID-1674634",
            "CSAFPID-1674635",
            "CSAFPID-1635323",
            "CSAFPID-1674636",
            "CSAFPID-1635324",
            "CSAFPID-1674637",
            "CSAFPID-1674638",
            "CSAFPID-1674639",
            "CSAFPID-1674640",
            "CSAFPID-1674641",
            "CSAFPID-1674642",
            "CSAFPID-1635320",
            "CSAFPID-1635321",
            "CSAFPID-1674643",
            "CSAFPID-1674644",
            "CSAFPID-1674645",
            "CSAFPID-1674646"
          ]
        }
      ],
      "title": "CVE-2024-45492"
    }
  ]
}

NCSC-2024-0417

Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:19 - Updated: 2024-10-17 13:19

Summary

Kwetsbaarheden verholpen in Oracle Fusion Middleware

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in Fusion Middleware componenten, zoals WebLogic Server, WebCenter en HTTP Server.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipuleren van data - Uitvoer van willekeurige code (Administratorrechten) - Toegang tot gevoelige gegevens Omdat deze kwetsbaarheden zich bevinden in diverse Middleware producten, is niet uit te sluiten dat applicaties, draaiende op platformen ondersteund door deze middleware ook kwetsbaar zijn, danwel gevoelig voor misbruik van deze kwetsbaarheden.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer infomatie.

Kans: medium

Schade: high

CWE-1325: Improperly Controlled Sequential Memory Allocation

CWE-390: Detection of Error Condition Without Action

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CWE-178: Improper Handling of Case Sensitivity

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CWE-190: Integer Overflow or Wraparound

CWE-404: Improper Resource Shutdown or Release

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-416: Use After Free

CWE-401: Missing Release of Memory after Effective Lifetime

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-502: Deserialization of Untrusted Data

CWE-918: Server-Side Request Forgery (SSRF)

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-11023

6.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 25 products

Product	Identifier	Version
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:10.3.6.0:::::::*`	—
business_process_management_suite oracle	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:9.1.0.0.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.3.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*`	—
webcenter_sites_support_tools oracle	`cpe:2.3:a:oracle:webcenter_sites_support_tools::::::::`	—

CVE-2020-17521

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 38 products

Product	Identifier	Version
business_process_management_suite oracle	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:9.1.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_console___12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_third_party___12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_console___12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_third_party___12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_console___14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_third_party___14.1.1.0.0:::::::*`	—
business_activity_monitoring__bam_ oracle	`cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.3.0:::::::*`	—
business_activity_monitoring__bam_ oracle	`cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.4.0:::::::*`	—
business_process_management_suite oracle	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.3.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:9.1.0.0.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:::::::*`	—
webcenter_sites_support_tools oracle	`cpe:2.3:a:oracle:webcenter_sites_support_tools::::::::`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector::::::::`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.5:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:all_supported_s:::::::*`	—

CVE-2022-1471

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 26 products

Product	Identifier	Version
business_process_management_suite oracle	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:9.1.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_console___12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_third_party___12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_console___12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_third_party___12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_console___14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:_third_party___14.1.1.0.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:14.1.1.0.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_enterprise_capture oracle	`cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:::::::*`	—

CVE-2023-4759

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Known affected 10 products

Product	Identifier	Version
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2023-35116

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 20 products

Product	Identifier	Version
business_process_management_suite oracle	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:14.1.1.0.0:::::::*`	—
webcenter_enterprise_capture oracle	`cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—

CVE-2023-39743

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—

CVE-2023-51775

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:14.1.1.0.0:::::::*`	—
webcenter_enterprise_capture oracle	`cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—

CVE-2024-2511

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 10 products

Product	Identifier	Version
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-6345

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-21190

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
global_lifecycle_management_fmw_installer oracle	`cpe:2.3:a:oracle:global_lifecycle_management_fmw_installer:12.2.1.4.0:::::::*`	—

CVE-2024-21191

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
enterprise_manager_fusion_middleware_control oracle	`cpe:2.3:a:oracle:enterprise_manager_fusion_middleware_control:12.2.1.4.0:::::::*`	—

CVE-2024-21192

CVE-2024-21205

CVE-2024-21215

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-21216

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—

CVE-2024-21234

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-21246

CVE-2024-21260

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-21274

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—

CVE-2024-22201

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:14.1.1.0.0:::::::*`	—
webcenter_enterprise_capture oracle	`cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—

CVE-2024-22262

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Known affected 11 products

Product	Identifier	Version
webcenter_forms_recognition oracle	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-23807

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 10 products

Product	Identifier	Version
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-24549

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 18 products

Product	Identifier	Version
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.6:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
managed_file_transfer oracle	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	—
identity_manager_connector oracle	`cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:14.1.1.0.0:::::::*`	—
webcenter_enterprise_capture oracle	`cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:::::::*`	—
weblogic_server_proxy_plug-in oracle	`cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—

CVE-2024-25269

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—

CVE-2024-28182

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 11 products

Product	Identifier	Version
http_server oracle	`cpe:2.3:a:oracle:http_server:14.1.1.0.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-28752

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 11 products

Product	Identifier	Version
webcenter_forms_recognition oracle	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-29131

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-787 - Out-of-bounds Write

Affected products

Known affected 10 products

Product	Identifier	Version
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—
data_integrator oracle	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	—
http_server oracle	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	—
middleware_common_libraries_and_tools oracle	`cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*`	—
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—
webcenter_content oracle	`cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*`	—
webcenter_portal oracle	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	—
webcenter_sites oracle	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	—
weblogic_server oracle	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	—

CVE-2024-36052

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—

CVE-2024-38999

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
business_process_management_suite oracle	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	—
business_activity_monitoring oracle	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	—

CVE-2024-45492

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
outside_in_technology oracle	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	—

References

31 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Fusion Middleware componenten, zoals WebLogic Server, WebCenter en HTTP Server.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens\n\nOmdat deze kwetsbaarheden zich bevinden in diverse Middleware producten, is niet uit te sluiten dat applicaties, draaiende op platformen ondersteund door deze middleware ook kwetsbaar zijn, danwel gevoelig voor misbruik van deze kwetsbaarheden.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer infomatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Sequential Memory Allocation",
        "title": "CWE-1325"
      },
      {
        "category": "general",
        "text": "Detection of Error Condition Without Action",
        "title": "CWE-390"
      },
      {
        "category": "general",
        "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
        "title": "CWE-59"
      },
      {
        "category": "general",
        "text": "Improper Handling of Case Sensitivity",
        "title": "CWE-178"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Missing Release of Memory after Effective Lifetime",
        "title": "CWE-401"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
    "tracking": {
      "current_release_date": "2024-10-17T13:19:16.185510Z",
      "id": "NCSC-2024-0417",
      "initial_release_date": "2024-10-17T13:19:16.185510Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:19:16.185510Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "outside_in_technology",
            "product": {
              "name": "outside_in_technology",
              "product_id": "CSAFPID-292093",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "outside_in_technology",
            "product": {
              "name": "outside_in_technology",
              "product_id": "CSAFPID-1260",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "outside_in_technology",
            "product": {
              "name": "outside_in_technology",
              "product_id": "CSAFPID-912053",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server_proxy_plug-in",
            "product": {
              "name": "weblogic_server_proxy_plug-in",
              "product_id": "CSAFPID-199883",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server_proxy_plug-in",
            "product": {
              "name": "weblogic_server_proxy_plug-in",
              "product_id": "CSAFPID-951239",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-764797",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:_console___12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-764799",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:_console___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-764801",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:_console___14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-764798",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:_third_party___12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-764800",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:_third_party___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-764802",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:_third_party___14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-113536",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-113521",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-3663",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-94310",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-3661",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-3660",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-1504444",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "weblogic_server",
            "product": {
              "name": "weblogic_server",
              "product_id": "CSAFPID-1973",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_content",
            "product": {
              "name": "webcenter_content",
              "product_id": "CSAFPID-389123",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_content:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_content",
            "product": {
              "name": "webcenter_content",
              "product_id": "CSAFPID-179795",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_enterprise_capture",
            "product": {
              "name": "webcenter_enterprise_capture",
              "product_id": "CSAFPID-912594",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_forms_recognition",
            "product": {
              "name": "webcenter_forms_recognition",
              "product_id": "CSAFPID-1673476",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_portal",
            "product": {
              "name": "webcenter_portal",
              "product_id": "CSAFPID-135359",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_portal",
            "product": {
              "name": "webcenter_portal",
              "product_id": "CSAFPID-45194",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_sites_support_tools",
            "product": {
              "name": "webcenter_sites_support_tools",
              "product_id": "CSAFPID-765268",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_sites_support_tools:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_sites",
            "product": {
              "name": "webcenter_sites",
              "product_id": "CSAFPID-9026",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_sites",
            "product": {
              "name": "webcenter_sites",
              "product_id": "CSAFPID-135354",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "webcenter_sites",
            "product": {
              "name": "webcenter_sites",
              "product_id": "CSAFPID-765390",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:webcenter_sites:all_supported_s:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "data_integrator",
            "product": {
              "name": "data_integrator",
              "product_id": "CSAFPID-204494",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "data_integrator",
            "product": {
              "name": "data_integrator",
              "product_id": "CSAFPID-204566",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_activity_monitoring__bam_",
            "product": {
              "name": "business_activity_monitoring__bam_",
              "product_id": "CSAFPID-764927",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_activity_monitoring__bam_",
            "product": {
              "name": "business_activity_monitoring__bam_",
              "product_id": "CSAFPID-764928",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_activity_monitoring",
            "product": {
              "name": "business_activity_monitoring",
              "product_id": "CSAFPID-228157",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_process_management_suite",
            "product": {
              "name": "business_process_management_suite",
              "product_id": "CSAFPID-9043",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_process_management_suite",
            "product": {
              "name": "business_process_management_suite",
              "product_id": "CSAFPID-9642",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "middleware_common_libraries_and_tools",
            "product": {
              "name": "middleware_common_libraries_and_tools",
              "product_id": "CSAFPID-94398",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "middleware_common_libraries_and_tools",
            "product": {
              "name": "middleware_common_libraries_and_tools",
              "product_id": "CSAFPID-94309",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "middleware_common_libraries_and_tools",
            "product": {
              "name": "middleware_common_libraries_and_tools",
              "product_id": "CSAFPID-94393",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "enterprise_manager_fusion_middleware_control",
            "product": {
              "name": "enterprise_manager_fusion_middleware_control",
              "product_id": "CSAFPID-1673426",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:enterprise_manager_fusion_middleware_control:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "global_lifecycle_management_fmw_installer",
            "product": {
              "name": "global_lifecycle_management_fmw_installer",
              "product_id": "CSAFPID-1673425",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:global_lifecycle_management_fmw_installer:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "http_server",
            "product": {
              "name": "http_server",
              "product_id": "CSAFPID-93909",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "http_server",
            "product": {
              "name": "http_server",
              "product_id": "CSAFPID-40303",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "http_server",
            "product": {
              "name": "http_server",
              "product_id": "CSAFPID-912074",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:http_server:14.1.1.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "managed_file_transfer",
            "product": {
              "name": "managed_file_transfer",
              "product_id": "CSAFPID-204452",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "managed_file_transfer",
            "product": {
              "name": "managed_file_transfer",
              "product_id": "CSAFPID-204581",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "identity_manager_connector",
            "product": {
              "name": "identity_manager_connector",
              "product_id": "CSAFPID-765382",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:identity_manager_connector:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "identity_manager_connector",
            "product": {
              "name": "identity_manager_connector",
              "product_id": "CSAFPID-227776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "identity_manager_connector",
            "product": {
              "name": "identity_manager_connector",
              "product_id": "CSAFPID-396523",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:identity_manager_connector:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "identity_manager_connector",
            "product": {
              "name": "identity_manager_connector",
              "product_id": "CSAFPID-204638",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "identity_manager_connector",
            "product": {
              "name": "identity_manager_connector",
              "product_id": "CSAFPID-765267",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11023",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1973",
          "CSAFPID-3660",
          "CSAFPID-135354",
          "CSAFPID-9026",
          "CSAFPID-3663",
          "CSAFPID-3661",
          "CSAFPID-94310",
          "CSAFPID-113521",
          "CSAFPID-113536",
          "CSAFPID-9642",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-204581",
          "CSAFPID-94309",
          "CSAFPID-1260",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-204494",
          "CSAFPID-93909",
          "CSAFPID-765267",
          "CSAFPID-204452",
          "CSAFPID-94398",
          "CSAFPID-389123",
          "CSAFPID-135359",
          "CSAFPID-765268"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11023",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11023.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1973",
            "CSAFPID-3660",
            "CSAFPID-135354",
            "CSAFPID-9026",
            "CSAFPID-3663",
            "CSAFPID-3661",
            "CSAFPID-94310",
            "CSAFPID-113521",
            "CSAFPID-113536",
            "CSAFPID-9642",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-204581",
            "CSAFPID-94309",
            "CSAFPID-1260",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-204494",
            "CSAFPID-93909",
            "CSAFPID-765267",
            "CSAFPID-204452",
            "CSAFPID-94398",
            "CSAFPID-389123",
            "CSAFPID-135359",
            "CSAFPID-765268"
          ]
        }
      ],
      "title": "CVE-2020-11023"
    },
    {
      "cve": "CVE-2020-17521",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9642",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-396523",
          "CSAFPID-204638",
          "CSAFPID-94309",
          "CSAFPID-179795",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973",
          "CSAFPID-204581",
          "CSAFPID-1260",
          "CSAFPID-45194",
          "CSAFPID-764797",
          "CSAFPID-764798",
          "CSAFPID-3661",
          "CSAFPID-764799",
          "CSAFPID-764800",
          "CSAFPID-764801",
          "CSAFPID-764802",
          "CSAFPID-764927",
          "CSAFPID-764928",
          "CSAFPID-9043",
          "CSAFPID-93909",
          "CSAFPID-94398",
          "CSAFPID-389123",
          "CSAFPID-135359",
          "CSAFPID-9026",
          "CSAFPID-204494",
          "CSAFPID-765267",
          "CSAFPID-204452",
          "CSAFPID-765268",
          "CSAFPID-227776",
          "CSAFPID-94310",
          "CSAFPID-765382",
          "CSAFPID-292093",
          "CSAFPID-94393",
          "CSAFPID-765390"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-17521",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-17521.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9642",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-396523",
            "CSAFPID-204638",
            "CSAFPID-94309",
            "CSAFPID-179795",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973",
            "CSAFPID-204581",
            "CSAFPID-1260",
            "CSAFPID-45194",
            "CSAFPID-764797",
            "CSAFPID-764798",
            "CSAFPID-3661",
            "CSAFPID-764799",
            "CSAFPID-764800",
            "CSAFPID-764801",
            "CSAFPID-764802",
            "CSAFPID-764927",
            "CSAFPID-764928",
            "CSAFPID-9043",
            "CSAFPID-93909",
            "CSAFPID-94398",
            "CSAFPID-389123",
            "CSAFPID-135359",
            "CSAFPID-9026",
            "CSAFPID-204494",
            "CSAFPID-765267",
            "CSAFPID-204452",
            "CSAFPID-765268",
            "CSAFPID-227776",
            "CSAFPID-94310",
            "CSAFPID-765382",
            "CSAFPID-292093",
            "CSAFPID-94393",
            "CSAFPID-765390"
          ]
        }
      ],
      "title": "CVE-2020-17521"
    },
    {
      "cve": "CVE-2022-1471",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9642",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-204581",
          "CSAFPID-94309",
          "CSAFPID-1260",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-3661",
          "CSAFPID-3660",
          "CSAFPID-1973",
          "CSAFPID-396523",
          "CSAFPID-204638",
          "CSAFPID-135354",
          "CSAFPID-764797",
          "CSAFPID-764798",
          "CSAFPID-764799",
          "CSAFPID-764800",
          "CSAFPID-764801",
          "CSAFPID-764802",
          "CSAFPID-199883",
          "CSAFPID-912074",
          "CSAFPID-94393",
          "CSAFPID-912053",
          "CSAFPID-912594",
          "CSAFPID-951239"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-1471",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json"
        }
      ],
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2023-4759",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4759",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2023-4759"
    },
    {
      "cve": "CVE-2023-35116",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9642",
          "CSAFPID-40303",
          "CSAFPID-1260",
          "CSAFPID-45194",
          "CSAFPID-3661",
          "CSAFPID-3660",
          "CSAFPID-1973",
          "CSAFPID-199883",
          "CSAFPID-951239",
          "CSAFPID-94309",
          "CSAFPID-179795",
          "CSAFPID-204566",
          "CSAFPID-204581",
          "CSAFPID-94393",
          "CSAFPID-396523",
          "CSAFPID-912053",
          "CSAFPID-912074",
          "CSAFPID-912594",
          "CSAFPID-228157",
          "CSAFPID-135354"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-35116",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35116.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9642",
            "CSAFPID-40303",
            "CSAFPID-1260",
            "CSAFPID-45194",
            "CSAFPID-3661",
            "CSAFPID-3660",
            "CSAFPID-1973",
            "CSAFPID-199883",
            "CSAFPID-951239",
            "CSAFPID-94309",
            "CSAFPID-179795",
            "CSAFPID-204566",
            "CSAFPID-204581",
            "CSAFPID-94393",
            "CSAFPID-396523",
            "CSAFPID-912053",
            "CSAFPID-912074",
            "CSAFPID-912594",
            "CSAFPID-228157",
            "CSAFPID-135354"
          ]
        }
      ],
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-39743",
      "product_status": {
        "known_affected": [
          "CSAFPID-912053"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-39743",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39743.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912053"
          ]
        }
      ],
      "title": "CVE-2023-39743"
    },
    {
      "cve": "CVE-2023-51775",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1260",
          "CSAFPID-1973",
          "CSAFPID-3660",
          "CSAFPID-40303",
          "CSAFPID-45194",
          "CSAFPID-94309",
          "CSAFPID-94393",
          "CSAFPID-179795",
          "CSAFPID-199883",
          "CSAFPID-204566",
          "CSAFPID-204581",
          "CSAFPID-396523",
          "CSAFPID-912053",
          "CSAFPID-912074",
          "CSAFPID-912594",
          "CSAFPID-951239",
          "CSAFPID-228157",
          "CSAFPID-135354"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-51775",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1260",
            "CSAFPID-1973",
            "CSAFPID-3660",
            "CSAFPID-40303",
            "CSAFPID-45194",
            "CSAFPID-94309",
            "CSAFPID-94393",
            "CSAFPID-179795",
            "CSAFPID-199883",
            "CSAFPID-204566",
            "CSAFPID-204581",
            "CSAFPID-396523",
            "CSAFPID-912053",
            "CSAFPID-912074",
            "CSAFPID-912594",
            "CSAFPID-951239",
            "CSAFPID-228157",
            "CSAFPID-135354"
          ]
        }
      ],
      "title": "CVE-2023-51775"
    },
    {
      "cve": "CVE-2024-2511",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improperly Controlled Sequential Memory Allocation",
          "title": "CWE-1325"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2511",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-2511"
    },
    {
      "cve": "CVE-2024-6345",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6345",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6345.json"
        }
      ],
      "title": "CVE-2024-6345"
    },
    {
      "cve": "CVE-2024-21190",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673425"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21190",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21190.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673425"
          ]
        }
      ],
      "title": "CVE-2024-21190"
    },
    {
      "cve": "CVE-2024-21191",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673426"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21191",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21191.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673426"
          ]
        }
      ],
      "title": "CVE-2024-21191"
    },
    {
      "cve": "CVE-2024-21192",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21192",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21192.json"
        }
      ],
      "title": "CVE-2024-21192"
    },
    {
      "cve": "CVE-2024-21205",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21205",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21205.json"
        }
      ],
      "title": "CVE-2024-21205"
    },
    {
      "cve": "CVE-2024-21215",
      "product_status": {
        "known_affected": [
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21215",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21215.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-21215"
    },
    {
      "cve": "CVE-2024-21216",
      "product_status": {
        "known_affected": [
          "CSAFPID-1973",
          "CSAFPID-3660"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21216",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21216.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1973",
            "CSAFPID-3660"
          ]
        }
      ],
      "title": "CVE-2024-21216"
    },
    {
      "cve": "CVE-2024-21234",
      "product_status": {
        "known_affected": [
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21234",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21234.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-21234"
    },
    {
      "cve": "CVE-2024-21246",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21246",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21246.json"
        }
      ],
      "title": "CVE-2024-21246"
    },
    {
      "cve": "CVE-2024-21260",
      "product_status": {
        "known_affected": [
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21260",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21260.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-21260"
    },
    {
      "cve": "CVE-2024-21274",
      "product_status": {
        "known_affected": [
          "CSAFPID-1973",
          "CSAFPID-3660"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21274",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21274.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1973",
            "CSAFPID-3660"
          ]
        }
      ],
      "title": "CVE-2024-21274"
    },
    {
      "cve": "CVE-2024-22201",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-199883",
          "CSAFPID-1260",
          "CSAFPID-1973",
          "CSAFPID-3660",
          "CSAFPID-40303",
          "CSAFPID-45194",
          "CSAFPID-94309",
          "CSAFPID-94393",
          "CSAFPID-179795",
          "CSAFPID-204566",
          "CSAFPID-204581",
          "CSAFPID-396523",
          "CSAFPID-912053",
          "CSAFPID-912074",
          "CSAFPID-912594",
          "CSAFPID-951239",
          "CSAFPID-228157",
          "CSAFPID-135354"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-199883",
            "CSAFPID-1260",
            "CSAFPID-1973",
            "CSAFPID-3660",
            "CSAFPID-40303",
            "CSAFPID-45194",
            "CSAFPID-94309",
            "CSAFPID-94393",
            "CSAFPID-179795",
            "CSAFPID-204566",
            "CSAFPID-204581",
            "CSAFPID-396523",
            "CSAFPID-912053",
            "CSAFPID-912074",
            "CSAFPID-912594",
            "CSAFPID-951239",
            "CSAFPID-228157",
            "CSAFPID-135354"
          ]
        }
      ],
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-22262",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673476",
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22262",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673476",
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-23807",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23807",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-23807"
    },
    {
      "cve": "CVE-2024-24549",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-199883",
          "CSAFPID-1260",
          "CSAFPID-1973",
          "CSAFPID-3660",
          "CSAFPID-40303",
          "CSAFPID-45194",
          "CSAFPID-94309",
          "CSAFPID-94393",
          "CSAFPID-179795",
          "CSAFPID-204566",
          "CSAFPID-204581",
          "CSAFPID-396523",
          "CSAFPID-912053",
          "CSAFPID-912074",
          "CSAFPID-912594",
          "CSAFPID-951239",
          "CSAFPID-228157",
          "CSAFPID-135354"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24549",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-199883",
            "CSAFPID-1260",
            "CSAFPID-1973",
            "CSAFPID-3660",
            "CSAFPID-40303",
            "CSAFPID-45194",
            "CSAFPID-94309",
            "CSAFPID-94393",
            "CSAFPID-179795",
            "CSAFPID-204566",
            "CSAFPID-204581",
            "CSAFPID-396523",
            "CSAFPID-912053",
            "CSAFPID-912074",
            "CSAFPID-912594",
            "CSAFPID-951239",
            "CSAFPID-228157",
            "CSAFPID-135354"
          ]
        }
      ],
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-25269",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912053"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25269",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25269.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912053"
          ]
        }
      ],
      "title": "CVE-2024-25269"
    },
    {
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Detection of Error Condition Without Action",
          "title": "CWE-390"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912074",
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912074",
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-28752",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673476",
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28752",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673476",
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-28752"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-228157",
          "CSAFPID-204566",
          "CSAFPID-40303",
          "CSAFPID-94309",
          "CSAFPID-912053",
          "CSAFPID-179795",
          "CSAFPID-45194",
          "CSAFPID-135354",
          "CSAFPID-3660",
          "CSAFPID-1973"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-228157",
            "CSAFPID-204566",
            "CSAFPID-40303",
            "CSAFPID-94309",
            "CSAFPID-912053",
            "CSAFPID-179795",
            "CSAFPID-45194",
            "CSAFPID-135354",
            "CSAFPID-3660",
            "CSAFPID-1973"
          ]
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-36052",
      "product_status": {
        "known_affected": [
          "CSAFPID-912053"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36052",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36052.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912053"
          ]
        }
      ],
      "title": "CVE-2024-36052"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9642",
          "CSAFPID-228157"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9642",
            "CSAFPID-228157"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-45492",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-912053"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45492",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-912053"
          ]
        }
      ],
      "title": "CVE-2024-45492"
    }
  ]
}

NCSC-2024-0420

Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:20 - Updated: 2024-10-17 13:20

Summary

Kwetsbaarheden verholpen in Oracle MySQL

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in MySQL.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of om toegang te krijgen tot gevoelige gegevens in de database en deze mogelijk te manipuleren.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-390: Detection of Error Condition Without Action

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-345: Insufficient Verification of Data Authenticity

CWE-190: Integer Overflow or Wraparound

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-20: Improper Input Validation

CVE-2023-45853

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 5 products

Product	Identifier	Version
mysql_cluster oracle	`cpe:2.3:a:oracle:mysql_cluster::::::::`	—
mysql_connectors oracle	`cpe:2.3:a:oracle:mysql_connectors::::::::`	—
mysql_enterprise_monitor oracle	`cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::`	—
mysql_server oracle	`cpe:2.3:a:oracle:mysql_server::::::::`	—
mysql_workbench oracle	`cpe:2.3:a:oracle:mysql_workbench::::::::`	—

CVE-2024-5535

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql_enterprise_backup oracle	`cpe:2.3:a:oracle:mysql_enterprise_backup:9.0.1_and_prior:::::::*`	—

CVE-2024-7264

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql_enterprise_backup oracle	`cpe:2.3:a:oracle:mysql_enterprise_backup:9.0.1_and_prior:::::::*`	—

CVE-2024-21193

CVE-2024-21194

CVE-2024-21196

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21197

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21198

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21199

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21200

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21201

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21203

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21204

CVE-2024-21207

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21209

2.0 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
mysql_client oracle	`cpe:2.3:a:oracle:mysql_client:9.0.1_and_prior:::::::*`	—
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21212

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21213

4.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21218

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21219

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21230

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21231

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21232

2.2 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21236

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21237

2.2 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21238

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21239

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21241

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21243

2.2 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21244

2.2 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21247

3.8 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
mysql_client oracle	`cpe:2.3:a:oracle:mysql_client:9.0.1_and_prior:::::::*`	—
mysql oracle	`cpe:2.3:a:oracle:mysql::::::::`	—

CVE-2024-21262

CVE-2024-21272

CVE-2024-28182

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 5 products

Product	Identifier	Version
mysql_cluster oracle	`cpe:2.3:a:oracle:mysql_cluster::::::::`	—
mysql_connectors oracle	`cpe:2.3:a:oracle:mysql_connectors::::::::`	—
mysql_enterprise_monitor oracle	`cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::`	—
mysql_server oracle	`cpe:2.3:a:oracle:mysql_server::::::::`	—
mysql_workbench oracle	`cpe:2.3:a:oracle:mysql_workbench::::::::`	—

CVE-2024-37371

CWE-130 - Improper Handling of Length Parameter Inconsistency

CVE-2024-39689

CWE-345 - Insufficient Verification of Data Authenticity

References

36 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in MySQL.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of om toegang te krijgen tot gevoelige gegevens in de database en deze mogelijk te manipuleren.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Detection of Error Condition Without Action",
        "title": "CWE-390"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Insufficient Verification of Data Authenticity",
        "title": "CWE-345"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle MySQL",
    "tracking": {
      "current_release_date": "2024-10-17T13:20:42.437738Z",
      "id": "NCSC-2024-0420",
      "initial_release_date": "2024-10-17T13:20:42.437738Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:20:42.437738Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "mysql_cluster",
            "product": {
              "name": "mysql_cluster",
              "product_id": "CSAFPID-764289",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql_connectors",
            "product": {
              "name": "mysql_connectors",
              "product_id": "CSAFPID-221160",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql",
            "product": {
              "name": "mysql",
              "product_id": "CSAFPID-249429",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql_enterprise_backup",
            "product": {
              "name": "mysql_enterprise_backup",
              "product_id": "CSAFPID-1673522",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:9.0.1_and_prior:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql_enterprise_monitor",
            "product": {
              "name": "mysql_enterprise_monitor",
              "product_id": "CSAFPID-764290",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql_server",
            "product": {
              "name": "mysql_server",
              "product_id": "CSAFPID-504250",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql_workbench",
            "product": {
              "name": "mysql_workbench",
              "product_id": "CSAFPID-764763",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mysql_client",
            "product": {
              "name": "mysql_client",
              "product_id": "CSAFPID-1673440",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:mysql_client:9.0.1_and_prior:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45853",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764289",
          "CSAFPID-221160",
          "CSAFPID-764290",
          "CSAFPID-504250",
          "CSAFPID-764763"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45853",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45853.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764289",
            "CSAFPID-221160",
            "CSAFPID-764290",
            "CSAFPID-504250",
            "CSAFPID-764763"
          ]
        }
      ],
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673522"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673522"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-7264",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673522"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7264",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673522"
          ]
        }
      ],
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2024-21193",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21193",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21193.json"
        }
      ],
      "title": "CVE-2024-21193"
    },
    {
      "cve": "CVE-2024-21194",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21194",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21194.json"
        }
      ],
      "title": "CVE-2024-21194"
    },
    {
      "cve": "CVE-2024-21196",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21196",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21196.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21196"
    },
    {
      "cve": "CVE-2024-21197",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21197",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21197.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21197"
    },
    {
      "cve": "CVE-2024-21198",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21198",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21198.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21198"
    },
    {
      "cve": "CVE-2024-21199",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21199",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21199.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21199"
    },
    {
      "cve": "CVE-2024-21200",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21200",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21200.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21200"
    },
    {
      "cve": "CVE-2024-21201",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21201"
    },
    {
      "cve": "CVE-2024-21203",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21203",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21203.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21203"
    },
    {
      "cve": "CVE-2024-21204",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21204",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21204.json"
        }
      ],
      "title": "CVE-2024-21204"
    },
    {
      "cve": "CVE-2024-21207",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21207",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21207.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21207"
    },
    {
      "cve": "CVE-2024-21209",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673440",
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21209",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21209.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.0,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673440",
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21209"
    },
    {
      "cve": "CVE-2024-21212",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21212",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21212.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21212"
    },
    {
      "cve": "CVE-2024-21213",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21213",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21213.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21213"
    },
    {
      "cve": "CVE-2024-21218",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21218",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21218.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21218"
    },
    {
      "cve": "CVE-2024-21219",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21219",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21219.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21219"
    },
    {
      "cve": "CVE-2024-21230",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21230",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21230.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21230"
    },
    {
      "cve": "CVE-2024-21231",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21231",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21231.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21231"
    },
    {
      "cve": "CVE-2024-21232",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21232.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21232"
    },
    {
      "cve": "CVE-2024-21236",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21236",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21236.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21236"
    },
    {
      "cve": "CVE-2024-21237",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21237",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21237.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21237"
    },
    {
      "cve": "CVE-2024-21238",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21238",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21238.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21238"
    },
    {
      "cve": "CVE-2024-21239",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21239",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21239.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21239"
    },
    {
      "cve": "CVE-2024-21241",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21241",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21241.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21241"
    },
    {
      "cve": "CVE-2024-21243",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21243",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21243.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21243"
    },
    {
      "cve": "CVE-2024-21244",
      "product_status": {
        "known_affected": [
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21244",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21244.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21244"
    },
    {
      "cve": "CVE-2024-21247",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673440",
          "CSAFPID-249429"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21247",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21247.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673440",
            "CSAFPID-249429"
          ]
        }
      ],
      "title": "CVE-2024-21247"
    },
    {
      "cve": "CVE-2024-21262",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21262",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21262.json"
        }
      ],
      "title": "CVE-2024-21262"
    },
    {
      "cve": "CVE-2024-21272",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21272",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21272.json"
        }
      ],
      "title": "CVE-2024-21272"
    },
    {
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Detection of Error Condition Without Action",
          "title": "CWE-390"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764289",
          "CSAFPID-221160",
          "CSAFPID-764290",
          "CSAFPID-504250",
          "CSAFPID-764763"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764289",
            "CSAFPID-221160",
            "CSAFPID-764290",
            "CSAFPID-504250",
            "CSAFPID-764763"
          ]
        }
      ],
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-37371",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37371",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json"
        }
      ],
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-39689",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-39689",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json"
        }
      ],
      "title": "CVE-2024-39689"
    }
  ]
}

NCSC-2025-0330

Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:20 - Updated: 2025-10-23 13:20

Summary

Kwetsbaarheden verholpen in Oracle Communications producten

Notes

Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.

Interpretaties: De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23: Relative Path Traversal

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-121: Stack-based Buffer Overflow

CWE-122: Heap-based Buffer Overflow

CWE-124: Buffer Underwrite ('Buffer Underflow')

CWE-125: Out-of-bounds Read

CWE-129: Improper Validation of Array Index

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-147: Improper Neutralization of Input Terminators

CWE-190: Integer Overflow or Wraparound

CWE-197: Numeric Truncation Error

CWE-241: Improper Handling of Unexpected Data Type

CWE-252: Unchecked Return Value

CWE-253: Incorrect Check of Function Return Value

CWE-284: Improper Access Control

CWE-287: Improper Authentication

CWE-290: Authentication Bypass by Spoofing

CWE-328: Use of Weak Hash

CWE-385: Covert Timing Channel

CWE-390: Detection of Error Condition Without Action

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-407: Inefficient Algorithmic Complexity

CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)

CWE-415: Double Free

CWE-416: Use After Free

CWE-426: Untrusted Search Path

CWE-440: Expected Behavior Violation

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-476: NULL Pointer Dereference

CWE-674: Uncontrolled Recursion

CWE-697: Incorrect Comparison

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-789: Memory Allocation with Excessive Size Value

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-918: Server-Side Request Forgery (SSRF)

CWE-937: CWE-937

CWE-1035: CWE-1035

CWE-1284: Improper Validation of Specified Quantity in Input

CWE-1333: Inefficient Regular Expression Complexity

CVE-2023-26555

Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.

6.4 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-7254

Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-8006

Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-12133

Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-28182

Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-35164

Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-37371

Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-47554

Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-50609

Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-51504

Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-290 - Authentication Bypass by Spoofing

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-57699

Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-1948

Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-3576

Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-328 - Use of Weak Hash

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-4373

Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U

CWE-124 - Buffer Underwrite ('Buffer Underflow')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-4517

Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.

9.4 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-4802

Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-426 - Untrusted Search Path

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5115

The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5318

Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5399

Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl's WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5889

The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-6965

Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-197 - Numeric Truncation Error

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-7339

Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.

3.4 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-241 - Improper Handling of Unexpected Data Type

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-7425

Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-7962

Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-147 - Improper Neutralization of Input Terminators

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-8058

Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

CWE-415 - Double Free

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-8916

Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-9086

The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-25724

Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-252 - Unchecked Return Value

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27210

Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications' Cloud Native Environment has a non-exploitable Security-in-Depth issue.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27533

Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27553

Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-23 - Relative Path Traversal

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27587

OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-385 - Covert Timing Channel

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27817

Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-32415

Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-32728

Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.

4.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-440 - Expected Behavior Violation

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-32990

Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS's certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle's flaw.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48734

Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48924

Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48976

Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48989

Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-49796

Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-52999

Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-53547

Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.

8.6 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-53643

Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-53864

Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-54090

Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-253 - Incorrect Check of Function Return Value

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-55163

Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-57803

ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-58057

Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-59375

A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

References

51 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2025.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
        "title": "CWE-124"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Validation of Array Index",
        "title": "CWE-129"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input Terminators",
        "title": "CWE-147"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Numeric Truncation Error",
        "title": "CWE-197"
      },
      {
        "category": "general",
        "text": "Improper Handling of Unexpected Data Type",
        "title": "CWE-241"
      },
      {
        "category": "general",
        "text": "Unchecked Return Value",
        "title": "CWE-252"
      },
      {
        "category": "general",
        "text": "Incorrect Check of Function Return Value",
        "title": "CWE-253"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "Authentication Bypass by Spoofing",
        "title": "CWE-290"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Covert Timing Channel",
        "title": "CWE-385"
      },
      {
        "category": "general",
        "text": "Detection of Error Condition Without Action",
        "title": "CWE-390"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inefficient Algorithmic Complexity",
        "title": "CWE-407"
      },
      {
        "category": "general",
        "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
        "title": "CWE-409"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Untrusted Search Path",
        "title": "CWE-426"
      },
      {
        "category": "general",
        "text": "Expected Behavior Violation",
        "title": "CWE-440"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Incorrect Comparison",
        "title": "CWE-697"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Quantity in Input",
        "title": "CWE-1284"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications producten",
    "tracking": {
      "current_release_date": "2025-10-23T13:20:15.363063Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0330",
      "initial_release_date": "2025-10-23T13:20:15.363063Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:20:15.363063Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Cloud Native Core Console"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Management Cloud Engine"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Billing and Revenue Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Calendar Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Automated Test Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Binding Support Function"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Certificate Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core DBTier"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Network Repository Function"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Policy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Service Communication Proxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Unified Data Repository"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Converged Charging System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Convergence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Convergent Charging Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Diameter Signaling Router"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications EAGLE Element Management System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications EAGLE LNP Application Processor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications LSMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Messaging Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Analytics Data Director"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Charging and Control"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Integrity"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Offline Mediation Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Operations Monitor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-29"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Order and Service Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-30"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Pricing Design Center"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-31"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Service Catalog and Design"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-32"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-33"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Assurance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-34"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Inventory Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-35"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Communications Broker"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-36"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Operations Monitor"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26555",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26555 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2023-26555"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-8006",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8006 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-8006"
    },
    {
      "cve": "CVE-2024-12133",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Algorithmic Complexity",
          "title": "CWE-407"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-12133 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-12133"
    },
    {
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Detection of Error Condition Without Action",
          "title": "CWE-390"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28182 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-35164",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Array Index",
          "title": "CWE-129"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35164 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-35164"
    },
    {
      "cve": "CVE-2024-37371",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37371 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-50609",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "description",
          "text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50609 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-50609"
    },
    {
      "cve": "CVE-2024-51504",
      "cwe": {
        "id": "CWE-290",
        "name": "Authentication Bypass by Spoofing"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass by Spoofing",
          "title": "CWE-290"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-51504 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-51504"
    },
    {
      "cve": "CVE-2024-57699",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-57699 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2025-1948",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-1948 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-1948"
    },
    {
      "cve": "CVE-2025-3576",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-3576 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-3576"
    },
    {
      "cve": "CVE-2025-4373",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
          "title": "CWE-124"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4373 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-4373"
    },
    {
      "cve": "CVE-2025-4517",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4517 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-4517"
    },
    {
      "cve": "CVE-2025-4802",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Search Path",
          "title": "CWE-426"
        },
        {
          "category": "description",
          "text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4802 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-4802"
    },
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-5318",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5318 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5318"
    },
    {
      "cve": "CVE-2025-5399",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5399 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5399"
    },
    {
      "cve": "CVE-2025-5889",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5889 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5889"
    },
    {
      "cve": "CVE-2025-6965",
      "cwe": {
        "id": "CWE-197",
        "name": "Numeric Truncation Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Numeric Truncation Error",
          "title": "CWE-197"
        },
        {
          "category": "description",
          "text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-6965 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-6965"
    },
    {
      "cve": "CVE-2025-7339",
      "cwe": {
        "id": "CWE-241",
        "name": "Improper Handling of Unexpected Data Type"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Unexpected Data Type",
          "title": "CWE-241"
        },
        {
          "category": "description",
          "text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7339 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-7339"
    },
    {
      "cve": "CVE-2025-7425",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7425 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-7425"
    },
    {
      "cve": "CVE-2025-7962",
      "cwe": {
        "id": "CWE-147",
        "name": "Improper Neutralization of Input Terminators"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input Terminators",
          "title": "CWE-147"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7962 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-7962"
    },
    {
      "cve": "CVE-2025-8058",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8058 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-8058"
    },
    {
      "cve": "CVE-2025-8916",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8916 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-9086",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9086 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2025-25724",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Return Value",
          "title": "CWE-252"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-25724 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-25724"
    },
    {
      "cve": "CVE-2025-27210",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27210 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27210"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27553",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27553 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27553"
    },
    {
      "cve": "CVE-2025-27587",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Covert Timing Channel",
          "title": "CWE-385"
        },
        {
          "category": "description",
          "text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27587 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27587"
    },
    {
      "cve": "CVE-2025-27817",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-32415",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Specified Quantity in Input",
          "title": "CWE-1284"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32415 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-32415"
    },
    {
      "cve": "CVE-2025-32728",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32728 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-32728"
    },
    {
      "cve": "CVE-2025-32990",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32990 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-32990"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-48989",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48989 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-49796",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-49796 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-49796"
    },
    {
      "cve": "CVE-2025-52999",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "description",
          "text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-52999 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-53547",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "description",
          "text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53547 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-53547"
    },
    {
      "cve": "CVE-2025-53643",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53643 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-53643"
    },
    {
      "cve": "CVE-2025-53864",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53864 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-53864"
    },
    {
      "cve": "CVE-2025-54090",
      "cwe": {
        "id": "CWE-253",
        "name": "Incorrect Check of Function Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Check of Function Return Value",
          "title": "CWE-253"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54090 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-54090"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-57803",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "description",
          "text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57803 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-57803"
    },
    {
      "cve": "CVE-2025-58057",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
          "title": "CWE-409"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-58057"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

OPENSUSE-SU-2024:13825-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libnghttp2-14-1.61.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: libnghttp2-14-1.61.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the libnghttp2-14-1.61.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13825

CVE-2024-28182

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nghttp2-1.61.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nghttp2-1.61.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nghttp2-1.61.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:nghttp2-1.61.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2024-28182/	self
https://www.suse.com/security/cve/CVE-2024-28182	external
https://bugzilla.suse.com/1221399	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libnghttp2-14-1.61.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libnghttp2-14-1.61.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13825",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13825-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-28182 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-28182/"
      }
    ],
    "title": "libnghttp2-14-1.61.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13825-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnghttp2-14-1.61.0-1.1.aarch64",
                "product": {
                  "name": "libnghttp2-14-1.61.0-1.1.aarch64",
                  "product_id": "libnghttp2-14-1.61.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-14-32bit-1.61.0-1.1.aarch64",
                "product": {
                  "name": "libnghttp2-14-32bit-1.61.0-1.1.aarch64",
                  "product_id": "libnghttp2-14-32bit-1.61.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-devel-1.61.0-1.1.aarch64",
                "product": {
                  "name": "libnghttp2-devel-1.61.0-1.1.aarch64",
                  "product_id": "libnghttp2-devel-1.61.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nghttp2-1.61.0-1.1.aarch64",
                "product": {
                  "name": "nghttp2-1.61.0-1.1.aarch64",
                  "product_id": "nghttp2-1.61.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnghttp2-14-1.61.0-1.1.ppc64le",
                "product": {
                  "name": "libnghttp2-14-1.61.0-1.1.ppc64le",
                  "product_id": "libnghttp2-14-1.61.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-14-32bit-1.61.0-1.1.ppc64le",
                "product": {
                  "name": "libnghttp2-14-32bit-1.61.0-1.1.ppc64le",
                  "product_id": "libnghttp2-14-32bit-1.61.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-devel-1.61.0-1.1.ppc64le",
                "product": {
                  "name": "libnghttp2-devel-1.61.0-1.1.ppc64le",
                  "product_id": "libnghttp2-devel-1.61.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nghttp2-1.61.0-1.1.ppc64le",
                "product": {
                  "name": "nghttp2-1.61.0-1.1.ppc64le",
                  "product_id": "nghttp2-1.61.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnghttp2-14-1.61.0-1.1.s390x",
                "product": {
                  "name": "libnghttp2-14-1.61.0-1.1.s390x",
                  "product_id": "libnghttp2-14-1.61.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-14-32bit-1.61.0-1.1.s390x",
                "product": {
                  "name": "libnghttp2-14-32bit-1.61.0-1.1.s390x",
                  "product_id": "libnghttp2-14-32bit-1.61.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-devel-1.61.0-1.1.s390x",
                "product": {
                  "name": "libnghttp2-devel-1.61.0-1.1.s390x",
                  "product_id": "libnghttp2-devel-1.61.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nghttp2-1.61.0-1.1.s390x",
                "product": {
                  "name": "nghttp2-1.61.0-1.1.s390x",
                  "product_id": "nghttp2-1.61.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnghttp2-14-1.61.0-1.1.x86_64",
                "product": {
                  "name": "libnghttp2-14-1.61.0-1.1.x86_64",
                  "product_id": "libnghttp2-14-1.61.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-14-32bit-1.61.0-1.1.x86_64",
                "product": {
                  "name": "libnghttp2-14-32bit-1.61.0-1.1.x86_64",
                  "product_id": "libnghttp2-14-32bit-1.61.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libnghttp2-devel-1.61.0-1.1.x86_64",
                "product": {
                  "name": "libnghttp2-devel-1.61.0-1.1.x86_64",
                  "product_id": "libnghttp2-devel-1.61.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nghttp2-1.61.0-1.1.x86_64",
                "product": {
                  "name": "nghttp2-1.61.0-1.1.x86_64",
                  "product_id": "nghttp2-1.61.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-1.61.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.aarch64"
        },
        "product_reference": "libnghttp2-14-1.61.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-1.61.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.ppc64le"
        },
        "product_reference": "libnghttp2-14-1.61.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-1.61.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.s390x"
        },
        "product_reference": "libnghttp2-14-1.61.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-1.61.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.x86_64"
        },
        "product_reference": "libnghttp2-14-1.61.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-32bit-1.61.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.aarch64"
        },
        "product_reference": "libnghttp2-14-32bit-1.61.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-32bit-1.61.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.ppc64le"
        },
        "product_reference": "libnghttp2-14-32bit-1.61.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-32bit-1.61.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.s390x"
        },
        "product_reference": "libnghttp2-14-32bit-1.61.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-14-32bit-1.61.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.x86_64"
        },
        "product_reference": "libnghttp2-14-32bit-1.61.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-devel-1.61.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.aarch64"
        },
        "product_reference": "libnghttp2-devel-1.61.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-devel-1.61.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.ppc64le"
        },
        "product_reference": "libnghttp2-devel-1.61.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-devel-1.61.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.s390x"
        },
        "product_reference": "libnghttp2-devel-1.61.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnghttp2-devel-1.61.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.x86_64"
        },
        "product_reference": "libnghttp2-devel-1.61.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nghttp2-1.61.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.aarch64"
        },
        "product_reference": "nghttp2-1.61.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nghttp2-1.61.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.ppc64le"
        },
        "product_reference": "nghttp2-1.61.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nghttp2-1.61.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.s390x"
        },
        "product_reference": "nghttp2-1.61.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nghttp2-1.61.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.x86_64"
        },
        "product_reference": "nghttp2-1.61.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-28182",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-28182"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.  This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.aarch64",
          "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.s390x",
          "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.x86_64",
          "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.aarch64",
          "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.s390x",
          "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.x86_64",
          "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.aarch64",
          "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.s390x",
          "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.x86_64",
          "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.aarch64",
          "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.ppc64le",
          "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.s390x",
          "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-28182",
          "url": "https://www.suse.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221399 for CVE-2024-28182",
          "url": "https://bugzilla.suse.com/1221399"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.x86_64",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.x86_64",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.x86_64",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:libnghttp2-14-1.61.0-1.1.x86_64",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:libnghttp2-14-32bit-1.61.0-1.1.x86_64",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:libnghttp2-devel-1.61.0-1.1.x86_64",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.aarch64",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.ppc64le",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.s390x",
            "openSUSE Tumbleweed:nghttp2-1.61.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-28182"
    }
  ]
}

RHSA-2024:2693

Vulnerability from csaf_redhat - Published: 2024-05-07 15:50 - Updated: 2026-04-30 13:17

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 security update

Severity

Moderate

Notes

Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Security Fix(es): * curl: Usage of disabled protocol (CVE-2024-2004) * curl: QUIC certificate check bypass with wolfSSL (CVE-2024-2379) * curl: HTTP/2 push headers memory-leak (CVE-2024-2398) * curl: TLS certificate check bypass with mbedTLS (CVE-2024-2466) * jbcs-httpd24-httpd: httpd: CONTINUATION frames DoS (CVE-2024-27316) * jbcs-httpd24-mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) * jbcs-httpd24-nghttp2: httpd: CONTINUATION frames DoS (CVE-2024-27316) * jbcs-httpd24-nghttp2: nghttp2: CONTINUATION frames DoS (CVE-2024-28182) A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-2004

A flaw was found in curl. When a protocol selection parameter disables all protocols without adding any, the default set of protocols remains in the allowed set due to a logic error, allowing usage of disabled protocols.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-115 - Misinterpretation of Input

Affected products

Fixed 76 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2024-2379

A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 76 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2024-2398

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 76 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-2466

A flaw was found in curl. When curl is built to use mbedTLS as the TLS backend, it does not check the server certificate of TLS connections done to a host specified as an IP address.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-297 - Improper Validation of Certificate with Host Mismatch

Affected products

Fixed 76 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-27316

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 76 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-28182

A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 76 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

42 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2693	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268277	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270497	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270498	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270499	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270500	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-2004	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270500	external
https://www.cve.org/CVERecord?id=CVE-2024-2004	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2004	external
https://curl.se/docs/CVE-2024-2004.html	external
https://access.redhat.com/security/cve/CVE-2024-2379	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270499	external
https://www.cve.org/CVERecord?id=CVE-2024-2379	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2379	external
https://curl.se/docs/CVE-2024-2379.html	external
https://access.redhat.com/security/cve/CVE-2024-2398	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270498	external
https://www.cve.org/CVERecord?id=CVE-2024-2398	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2398	external
https://curl.se/docs/CVE-2024-2398.html	external
https://access.redhat.com/security/cve/CVE-2024-2466	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270497	external
https://www.cve.org/CVERecord?id=CVE-2024-2466	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2466	external
https://curl.se/docs/CVE-2024-2466.html	external
https://access.redhat.com/security/cve/CVE-2024-27316	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268277	external
https://www.cve.org/CVERecord?id=CVE-2024-27316	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27316	external
https://httpd.apache.org/security/vulnerabilities…	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* curl: Usage of disabled protocol (CVE-2024-2004)\n* curl: QUIC certificate check bypass with wolfSSL (CVE-2024-2379)\n* curl: HTTP/2 push headers memory-leak (CVE-2024-2398)\n* curl: TLS certificate check bypass with mbedTLS (CVE-2024-2466)\n* jbcs-httpd24-httpd: httpd: CONTINUATION frames DoS (CVE-2024-27316)\n* jbcs-httpd24-mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)\n* jbcs-httpd24-nghttp2: httpd: CONTINUATION frames DoS (CVE-2024-27316)\n* jbcs-httpd24-nghttp2: nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2693",
        "url": "https://access.redhat.com/errata/RHSA-2024:2693"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_4_release_notes",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_4_release_notes"
      },
      {
        "category": "external",
        "summary": "2268277",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268277"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270497"
      },
      {
        "category": "external",
        "summary": "2270498",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498"
      },
      {
        "category": "external",
        "summary": "2270499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270499"
      },
      {
        "category": "external",
        "summary": "2270500",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2693.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 security update",
    "tracking": {
      "current_release_date": "2026-04-30T13:17:34+00:00",
      "generator": {
        "date": "2026-04-30T13:17:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2024:2693",
      "initial_release_date": "2024-05-07T15:50:35+00:00",
      "revision_history": [
        {
          "date": "2024-05-07T15:50:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-07T15:50:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T13:17:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                  "product_id": "7Server-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 8",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 8",
                  "product_id": "8Base-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-13.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-10.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-37.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.49-6.redhat_1.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.20-4.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
                  "product_id": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.7.1-2.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.24-6.el7jbcs?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-36.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-13.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-10.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-37.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.49-6.redhat_1.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.20-4.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
                  "product_id": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.7.1-2.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.24-6.el8jbcs?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-36.el8jbcs?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-13.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.43.0-13.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.43.0-13.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.57-10.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.57-10.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.57-10.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-37.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-37.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.49-6.redhat_1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.49-6.redhat_1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.20-4.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.20-4.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.7.1-2.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.7.1-2.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.7.1-2.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.7.1-2.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.24-6.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.24-6.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-36.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-36.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-13.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.43.0-13.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.43.0-13.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.57-10.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.57-10.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.57-10.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.57-10.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.57-10.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-37.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-37.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.49-6.redhat_1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.49-6.redhat_1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.20-4.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.20-4.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.7.1-2.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.7.1-2.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.7.1-2.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.7.1-2.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@8.7.1-2.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.24-6.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.24-6.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-36.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-36.el8jbcs?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.57-10.el7jbcs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.57-10.el8jbcs?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-2004",
      "cwe": {
        "id": "CWE-115",
        "name": "Misinterpretation of Input"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270500"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When a protocol selection parameter disables all protocols without adding any, the default set of protocols remains in the allowed set due to a logic error, allowing usage of disabled protocols.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: Usage of disabled protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The curl package as shipped in Red Hat Enterprise Linux 6, 7, 8, 9, and RHSCL is not affected by this vulnerability because the vulnerable code was introduced in a newer version of curl.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270500",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2004.html",
          "url": "https://curl.se/docs/CVE-2024-2004.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:50:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2693"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "curl: Usage of disabled protocol"
    },
    {
      "cve": "CVE-2024-2379",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270499"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: QUIC certificate check bypass with wolfSSL",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The curl package as shipped by Red Hat Enterprise Linux and RHSCL is not affected by this vulnerability because it does not have support for wolfSSL.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2379"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270499",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270499"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2379.html",
          "url": "https://curl.se/docs/CVE-2024-2379.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:50:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2693"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "curl: QUIC certificate check bypass with wolfSSL"
    },
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270498"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: HTTP/2 push headers memory-leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270498",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2398.html",
          "url": "https://curl.se/docs/CVE-2024-2398.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:50:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2693"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: HTTP/2 push headers memory-leak"
    },
    {
      "cve": "CVE-2024-2466",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When curl is built to use mbedTLS as the TLS backend, it does not check the server certificate of TLS connections done to a host specified as an IP address.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: TLS certificate check bypass with mbedTLS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The curl package as shipped by Red Hat Enterprise Linux and RHSCL is not affected by this vulnerability because it does not have support for mbedTLS.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2466"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2466.html",
          "url": "https://curl.se/docs/CVE-2024-2466.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:50:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2693"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: TLS certificate check bypass with mbedTLS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27316",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268277"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Apache. The worst case scenario is memory exhaustion causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability stems from an imperfect definition of the HTTP/2 protocol. As the httpd component is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27316"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268277",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268277"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:50:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2693"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:50:35+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2693"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.49-6.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-10.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.7.1-2.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-37.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.49-6.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.49-6.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.24-6.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.20-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-36.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-10.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-13.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-13.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2694

Vulnerability from csaf_redhat - Published: 2024-05-07 15:44 - Updated: 2026-04-30 13:17

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 security update

Severity

Moderate

Notes

CVE-2024-2004

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-115 - Misinterpretation of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Text-Only JBCS Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix

Threats

Impact Low

CVE-2024-2379

A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Text-Only JBCS Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix

Threats

Impact Low

CVE-2024-2398

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-772 - Missing Release of Resource after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Text-Only JBCS Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-2466

A flaw was found in curl. When curl is built to use mbedTLS as the TLS backend, it does not check the server certificate of TLS connections done to a host specified as an IP address.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-297 - Improper Validation of Certificate with Host Mismatch

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Text-Only JBCS Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-27316

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Text-Only JBCS Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Text-Only JBCS Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

42 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2694	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268277	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270497	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270498	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270499	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270500	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-2004	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270500	external
https://www.cve.org/CVERecord?id=CVE-2024-2004	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2004	external
https://curl.se/docs/CVE-2024-2004.html	external
https://access.redhat.com/security/cve/CVE-2024-2379	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270499	external
https://www.cve.org/CVERecord?id=CVE-2024-2379	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2379	external
https://curl.se/docs/CVE-2024-2379.html	external
https://access.redhat.com/security/cve/CVE-2024-2398	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270498	external
https://www.cve.org/CVERecord?id=CVE-2024-2398	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2398	external
https://curl.se/docs/CVE-2024-2398.html	external
https://access.redhat.com/security/cve/CVE-2024-2466	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270497	external
https://www.cve.org/CVERecord?id=CVE-2024-2466	external
https://nvd.nist.gov/vuln/detail/CVE-2024-2466	external
https://curl.se/docs/CVE-2024-2466.html	external
https://access.redhat.com/security/cve/CVE-2024-27316	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268277	external
https://www.cve.org/CVERecord?id=CVE-2024-27316	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27316	external
https://httpd.apache.org/security/vulnerabilities…	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* curl: Usage of disabled protocol (CVE-2024-2004)\n* curl: QUIC certificate check bypass with wolfSSL (CVE-2024-2379)\n* curl: HTTP/2 push headers memory-leak (CVE-2024-2398)\n* curl: TLS certificate check bypass with mbedTLS (CVE-2024-2466)\n* jbcs-httpd24-httpd: httpd: CONTINUATION frames DoS (CVE-2024-27316)\n* jbcs-httpd24-mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)\n* jbcs-httpd24-nghttp2: httpd: CONTINUATION frames DoS (CVE-2024-27316)\n* jbcs-httpd24-nghttp2: nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2694",
        "url": "https://access.redhat.com/errata/RHSA-2024:2694"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_4_release_notes",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_4_release_notes"
      },
      {
        "category": "external",
        "summary": "2268277",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268277"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270497"
      },
      {
        "category": "external",
        "summary": "2270498",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498"
      },
      {
        "category": "external",
        "summary": "2270499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270499"
      },
      {
        "category": "external",
        "summary": "2270500",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2694.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 security update",
    "tracking": {
      "current_release_date": "2026-04-30T13:17:34+00:00",
      "generator": {
        "date": "2026-04-30T13:17:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2024:2694",
      "initial_release_date": "2024-05-07T15:44:38+00:00",
      "revision_history": [
        {
          "date": "2024-05-07T15:44:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-07T15:44:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T13:17:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Text-Only JBCS",
                "product": {
                  "name": "Text-Only JBCS",
                  "product_id": "Text-Only JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-2004",
      "cwe": {
        "id": "CWE-115",
        "name": "Misinterpretation of Input"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270500"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When a protocol selection parameter disables all protocols without adding any, the default set of protocols remains in the allowed set due to a logic error, allowing usage of disabled protocols.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: Usage of disabled protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The curl package as shipped in Red Hat Enterprise Linux 6, 7, 8, 9, and RHSCL is not affected by this vulnerability because the vulnerable code was introduced in a newer version of curl.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only JBCS"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270500",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2004.html",
          "url": "https://curl.se/docs/CVE-2024-2004.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:44:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only JBCS"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2694"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Text-Only JBCS"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "curl: Usage of disabled protocol"
    },
    {
      "cve": "CVE-2024-2379",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270499"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: QUIC certificate check bypass with wolfSSL",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The curl package as shipped by Red Hat Enterprise Linux and RHSCL is not affected by this vulnerability because it does not have support for wolfSSL.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only JBCS"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2379"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270499",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270499"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2379.html",
          "url": "https://curl.se/docs/CVE-2024-2379.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:44:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only JBCS"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2694"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Text-Only JBCS"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "curl: QUIC certificate check bypass with wolfSSL"
    },
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270498"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: HTTP/2 push headers memory-leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only JBCS"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270498",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2398.html",
          "url": "https://curl.se/docs/CVE-2024-2398.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:44:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only JBCS"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2694"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Text-Only JBCS"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: HTTP/2 push headers memory-leak"
    },
    {
      "cve": "CVE-2024-2466",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When curl is built to use mbedTLS as the TLS backend, it does not check the server certificate of TLS connections done to a host specified as an IP address.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: TLS certificate check bypass with mbedTLS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The curl package as shipped by Red Hat Enterprise Linux and RHSCL is not affected by this vulnerability because it does not have support for mbedTLS.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only JBCS"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2466"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2466.html",
          "url": "https://curl.se/docs/CVE-2024-2466.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:44:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only JBCS"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2694"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Text-Only JBCS"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: TLS certificate check bypass with mbedTLS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27316",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268277"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream Apache. The worst case scenario is memory exhaustion causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability stems from an imperfect definition of the HTTP/2 protocol. As the httpd component is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only JBCS"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27316"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268277",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268277"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:44:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only JBCS"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2694"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Text-Only JBCS"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Text-Only JBCS"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only JBCS"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-07T15:44:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only JBCS"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2694"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Text-Only JBCS"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Text-Only JBCS"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2778

Vulnerability from csaf_redhat - Published: 2024-05-09 06:29 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs:20 security update

Severity

Important

Notes

Topic: An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-22025

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2778	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2778",
        "url": "https://access.redhat.com/errata/RHSA-2024:2778"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2778.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:20 security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:36+00:00",
      "generator": {
        "date": "2026-03-18T02:38:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2778",
      "initial_release_date": "2024-05-09T06:29:01+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T06:29:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-09T06:29:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.9.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=src\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=src\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch (nodejs:20)",
                  "product_id": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch (nodejs:20)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.9.0%2B20473%2Bc4e3d824?arch=noarch\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19519%2Be25b965a?arch=noarch\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.12.2-2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                "product": {
                  "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20)",
                  "product_id": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.20.12.2.2.module%2Bel8.9.0%2B21743%2B0b3f1be2?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8090020240422150739:a75119d5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20"
        },
        "product_reference": "nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        },
        "product_reference": "npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
        "relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
          "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:29:01+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2778"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debuginfo-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-debugsource-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-devel-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-docs-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-full-i18n-1:20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el8.9.0+20473+c4e3d824.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el8.9.0+19519+e25b965a.src::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19519+e25b965a.noarch::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x::nodejs:20",
            "AppStream-8.9.0.Z.MAIN:npm-1:10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64::nodejs:20"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

RHSA-2024:2779

Vulnerability from csaf_redhat - Published: 2024-05-09 06:26 - Updated: 2026-03-18 02:38

Summary

Red Hat Security Advisory: nodejs:18 security update

Severity

Important

Notes

Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-22025

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-25629

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-127 - Buffer Under-read

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2024-27982

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-27983

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-28182

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:2779	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-22025	self
https://bugzilla.redhat.com/show_bug.cgi?id=2270559	external
https://www.cve.org/CVERecord?id=CVE-2024-22025	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22025	external
https://access.redhat.com/security/cve/CVE-2024-25629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265713	external
https://www.cve.org/CVERecord?id=CVE-2024-25629	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25629	external
https://github.com/c-ares/c-ares/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-27982	self
https://bugzilla.redhat.com/show_bug.cgi?id=2275392	external
https://www.cve.org/CVERecord?id=CVE-2024-27982	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27982	external
https://nodejs.org/en/blog/vulnerability/april-20…	external
https://access.redhat.com/security/cve/CVE-2024-27983	self
https://bugzilla.redhat.com/show_bug.cgi?id=2272764	external
https://www.cve.org/CVERecord?id=CVE-2024-27983	external
https://nvd.nist.gov/vuln/detail/CVE-2024-27983	external
https://nowotarski.info/http2-continuation-flood/	external
https://www.kb.cert.org/vuls/id/421644	external
https://access.redhat.com/security/cve/CVE-2024-28182	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268639	external
https://www.cve.org/CVERecord?id=CVE-2024-28182	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28182	external
https://github.com/nghttp2/nghttp2/security/advis…	external

Acknowledgments

nowotarski.info Bartek Nowotarski

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: CONTINUATION frames DoS (CVE-2024-27983)\n\n* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)\n\n* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)\n\n* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)\n\n* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:2779",
        "url": "https://access.redhat.com/errata/RHSA-2024:2779"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
      },
      {
        "category": "external",
        "summary": "2268639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
      },
      {
        "category": "external",
        "summary": "2270559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
      },
      {
        "category": "external",
        "summary": "2272764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
      },
      {
        "category": "external",
        "summary": "2275392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2779.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:18 security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:38:51+00:00",
      "generator": {
        "date": "2026-03-18T02:38:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2024:2779",
      "initial_release_date": "2024-05-09T06:26:16+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T06:26:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-05-09T06:26:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:38:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=src\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=src\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch (nodejs:18)",
                  "product_id": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch (nodejs:18)",
                  "product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0%2B19762%2Bd716bf3b?arch=noarch\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                "product": {
                  "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18)",
                  "product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.1.0%2B15718%2Be52ec601?arch=noarch\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.2-2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                "product": {
                  "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18)",
                  "product_id": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@10.5.0-1.18.20.2.2.module%2Bel9.4.0%2B21742%2B692df1ea?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9040020240422140329:rhel9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18"
        },
        "product_reference": "nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18"
        },
        "product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18"
        },
        "product_reference": "nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18"
        },
        "product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        },
        "product_reference": "npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22025",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The identified flaw in Node.js, which involves the fetch() function always decoding Brotli content regardless of its source, represents a moderate severity issue due to its potential to facilitate denial of service attacks through resource exhaustion. This vulnerability allows malicious actors to manipulate the URL parameter passed into fetch(), exploiting the consistent Brotli decoding behavior to overwhelm system memory resources. While the impact is constrained to process termination, its severity is moderated by the requirement for specific conditions, such as untrusted URLs and system configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22025"
        }
      ],
      "release_date": "2024-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service"
    },
    {
      "cve": "CVE-2024-25629",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "discovery_date": "2024-02-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c-ares: Out of bounds read in ares__read_line()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this a Low impact since this issue requires a specific configuration file to be configured incorrectly, meaning an attacker would need access to this configuration file to impact the server. This would normally correspond to an already compromised environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25629"
        },
        {
          "category": "external",
          "summary": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q",
          "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q"
        }
      ],
      "release_date": "2024-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "c-ares: Out of bounds read in ares__read_line()"
    },
    {
      "cve": "CVE-2024-27982",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2024-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2275392"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP Request Smuggling via Content Length Obfuscation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server\u0027s handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "RHBZ#2275392",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP Request Smuggling via Content Length Obfuscation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-27983",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2272764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst-case scenario resulting in a denial of service, in alignment with the upstream Node.js project. It is simple to exploit, could significantly impact availability, and there is no reasonable mitigation. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "RHBZ#2272764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases",
          "url": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs: CONTINUATION frames DoS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bartek Nowotarski"
          ],
          "organization": "nowotarski.info"
        }
      ],
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2024-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nghttp2: CONTINUATION frames DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates the security impact of this vulnerability as Moderate, in alignment with upstream nghttp2. The worst case scenario is excessive CPU utilization causing a denial of service. Once an attack has ended, the system should return to normal operations on its own.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
          "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q",
          "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q"
        },
        {
          "category": "external",
          "summary": "https://nowotarski.info/http2-continuation-flood/",
          "url": "https://nowotarski.info/http2-continuation-flood/"
        },
        {
          "category": "external",
          "summary": "https://www.kb.cert.org/vuls/id/421644",
          "url": "https://www.kb.cert.org/vuls/id/421644"
        }
      ],
      "release_date": "2024-04-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-05-09T06:26:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:2779"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-devel-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-docs-1:18.20.2-2.module+el9.4.0+21742+692df1ea.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.2-2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.3.0+19762+d716bf3b.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el9.1.0+15718+e52ec601.src::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el9.1.0+15718+e52ec601.noarch::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.aarch64::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.ppc64le::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.s390x::nodejs:18",
            "AppStream-9.4.0.Z.MAIN.EUS:npm-1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea.x86_64::nodejs:18"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nghttp2: CONTINUATION frames DoS"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-28182 (GCVE-0-2024-28182)

Tags

Sightings

Nomenclature